I’ve maganged to setup the connection to the Exact Online API from postman.
Now I try to setup the connection from the SF but we running into an invalid_request error as a result.
I’ve used the same input variables and keys, so at the moment I’ve not a clue why this result is happening:
Has anybody in the community succesfully connected to the Exact Online API.
Best answer by Dick van den Brink
View originalVincent, thanks for the answer. I will upgrade the windows GUI.
Most important is that I managed to get it work at the end of the day. I still think it was a firewall issue.
On the test-installation it worked because the Indicium was reachable from the internet.
On the installation where it doesn’t work the Indidicum was not reachable from the internet. So I think I can send out the request, but the answer is not accepted because of a firewall issue.
On my test installation I was able to run the refresh token request as well a request to an endpoint.
So when the Indicium on the final installation is reachable from the Internet I will try again, but when it works on my test installation it should work as well on the final installation
Hi, I managed to get the refresh token work in the SF on the final installation. It retrieves a new set of an access token and a refresh token and I can store them in the system parameters table of the end application.
I’m however still struggling with the connection the endpoint. I managed to get it work once and I could see the content of the XML.
I’m now trying in a test situation to process the result, but now I run in authentication issues all the time.
This is the result of the header coming back.
| Http response headers | [{"Key":"Pragma","Value":"no-cache"},{"Key":"Reason","Value":"AuthenticationRequired: Authentication required"},{"Key":"DataServiceVersion","Value":"1.0;"},{"Key":"Content-Length","Value":"0"},{"Key":"Cache-Control","Value":"no-cache, no-store"},{"Key":"Content-Type","Value":"application/xml"},{"Key":"Expires","Value":"-1"},{"Key":"WWW-Authenticate","Value":"Bearer error=\"invalid_token\",error_description=\"Signed%20data%20extraction%20has%20failed\",Bearer"},{"Key":"X-Xss-Protection","Value":"1; mode=block"},{"Key":"X-Content-Type-Options","Value":"nosniff"},{"Key":"Referrer-Policy","Value":"strict-origin-when-cross-origin"},{"Key":"Date","Value":"Thu, 06 Jan 2022 20:40:38 GMT"},{"Key":"Connection","Value":"keep-alive"},{"Key":"Set-Cookie","Value":"ASP.NET_SessionId=asl12hqvem1f4n0xiecl20fp; SameSite=lax; path=/; secure; HttpOnly; SameSite=Lax,ExactOnlineClient=8WlJeRDs+ihV05VbfnwR1pnRYiiX2Fkxv5PuMVVqkGJ3FIPpePoDNlRq/WwrYo+aALJJERKBv3cCrWhzuJSbp0LyqLFAq9PTmGaVaiunUFeFQAgkr2A3fkrHjZxHrxOAeCsLZq8UZFqEI2QXoNyA+iNoPbld47gaPTdh3L3/vNw=; SameSite=lax; expires=Mon, 31-Dec-2198 23:00:00 GMT; path=/; secure; HttpOnly"},{"Key":"Strict-Transport-Security","Value":"max-age=31536000 ; includeSubDomains ; preload"}] |
The refresh token key is only valid for 10 minutes (600sec) that makes live not easier.
I’m setting a timer on my watch all the time to run the refresh token process flow. The good news is that this works.
The access code is stored in de database,
But when I run the endpoint process flow I’m now always getting the authentication error.
See below the result.. As said I managed only ONCE to get a value in the leverancier_data variable
I also do not have a solution yet to get the first authentication code.
I do this still with postman. I put a hyperlink in a browser, then Exact asks me to login with the username password and the authenticator number (Google authenticator) Then you get a browser link back with a first access_code. But in this one I manually have to replace the %21 for a !. With that code I’m getting the first set of access_token/refresh token.
I really don’t know how to set this up with the exact login process?
Next step…. I found out that the refresh code may expire. If expired I can retrieve a new set without logging in again. I have this working via the TW application. I can retrieve the codes but the odd thing at this moment is that I can run the process flow to retrieve a new set of codes and I can store them into 2 system parameters in the TW application. So the refresh token is working. When I try to reach the end point I’m getting the autorization error. I ran it as well in postman with the code I got via the TW process flow and also there I’m running into an authorization error. Digging a bit further I saw a. message about base64 coding. So what I did, is rerun the refresh request from postman. Paste the access code into the application and then run the application. And then it works. I’m also able to retrieve data from the answer en putting it into a database field. So When running the refresh process flow via the TW application returns a valid refresh code but an unvalid access code. This clarifies the question that I saw it working once….
So apparently something is wrong with the access code coming back. Or I don’t know how to handle it, that is more likely the issue…
Hi Edwin,
Can you check the access token from Postman and the one you got back from the OAuth Refresh Connector with this website?
https://jwt.io/
I am curious if both are valid (and if there are differences). Of course the client_id and the expire time are different but the rest should be mostly the same.
I noticed the tokens Exact Online returns wont be valid in jwt.io, so that part of my reply can be ignored.
How do you use the access_token in the HTTP Connector?
I could get it to work by setting the HTTP method to GET and adding the following headers:
[ { "Key": "Accept", "Value": "application/json" }, { "Key": "Authorization", "Value": "Bearer {var_access_token}" } ]I have a variable in my process flow called “var_access_token”.
I have made a successful connection to Exact Globe (not using the http connector currently available but an older connection method). But I have also made a successful connection to a different system using the HTTP connector the SF currently supplies.
What version of the SF are you using?
And can you post the postman connection that is working for you (filtering out any sensitive data).
Hi Dick, this is what I have in my headers..
[{"Key":"Authorization","Value":"Bearer {access_token}"}]
In the content_type: application/xml
In the content the variable where the reponse it stored
In the HTTP method; GET
And in the URL the: endpoint address
Hi Erwin, we using SF 2021.2.
And we’re trying to talk to the exact-online API… (That’s something different then Exact globe?)
This is the setup in postman to get the refresh key which is working in postman.
This is the first step I try to get working in the SF.
Below is the result in Postman when we open the <> code section to see what we send.
We’ve tried to add the cookie as wel but with the same result.
curl --location --request POST 'https://start.exactonline.nl/api/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: ASP.NET_SessionId=0d23215kwpt3zlddlc4y4gz2; AWSALB=1pnr4OGoFBfALC+ixp0QrxPOKyfXiDhu2s915jf5e6RLIk0DdH/riVG2h9YlA4E29JIJ4BAj+PbkrCBoe1LB2XWbsvRl8wM4SbA3z4qUX845N9Kr6xb7nLFJlH/+; AWSALBCORS=1pnr4OGoFBfALC+ixp0QrxPOKyfXiDhu2s915jf5e6RLIk0DdH/riVG2h9YlA4E29JIJ4BAj+PbkrCBoe1LB2XWbsvRl8wM4SbA3z4qUX845N9Kr6xb7nLFJlH/+; ExactOnlineClient=kVdQFzO29SAu20b+Hj9pHeryWQqExS1/uNm6W0chlYN1vWb3e1s5cxKHq8HPKyyTMbRTRkgQJj0kzGstxZsM1u+AZtd36ev7ol+gVDmGns1n7qOJoKQF/MKfcwUULYm4chHkzfo2HsmR7FVaI0+q1gO7ks0+nSgP+FsGuqdDceU=; ExactServer{79a383a7-1e93-42ec-841e-61b7ae40e41e}=Division=3084597' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=Y2MN!IAAAAA5UpJQK5Eh-bKOyeoJwlYAnV-pUHsyI-psvA0WDI8r04QEAAAF3OJA1gQ_a6WXxg-IZdsxmpU2X_7x_osBjJ9AsmxS8ZaH4rIza3JOgWHo4Xv8Mve8aVGNsnQ7My4ApS-HO67H_d0843Pux1Tp-Ugfx47pd7bv_Ijqa_jeef3_IU3M1K_EnbOQbxozlGLegl2_ZpUlFQH8hsiFfyzIm5mS8x0n9Sx3J8FouDfBCTg0T-dkdWfrOICSUXkOsN0I_eY83dqkvpijS0Eh7WHUrJbkxl1VTPR4IzPPybhPKHF9KCTkYfWixq4OczhGEYnMaFht5uYC65Q-VCC6crLBZfyumFoLEK2tZZz7F_s8IdfFdZHsBq8WJFcm0l8puxfEROWGTUwM_Bd4S76QruEM2J9DqLop6fmCIoIAQmsdnt0rQlqiJP7uOQi3BxtMo9XYG1L_qQ9brtz_lkGu-_hAV1y9JrEUmggRO57E2MxFuHxS-aOyE6LrPy9Gd4NXHcUmVVjBjCPMiZd2EvT77uGxKKQ12BqgvBKEYgqVJKjCOSMRNNt5zAWay6BRbDlfF3yP0jrxt262-78j1wE9d-kUSa6ltnh0WHuaT1voWs8XLa-K6jTFijBZfbQRdRFWSe7-1kWqY3VeaupXiXE3u54dCAhcTDyUxupvPSBc6nwBuTtxt7COjTIE' \
--data-urlencode 'client_id=645d2b8……………..cf6bc8c2d' \
--data-urlencode 'client_secret=eL……...TBJ'
I hope you can help me out...
For exact: With a post you send JSON
With a get an XML is returned.
So in postman we only send:
grand_type=refresh_token
refresh_token:abcdeetc…. (The one we get from the API)
client_id=
cleint_secret=
No params, Authorization is set to Bearer to, no specific headers and the params above are setup in the body. Postman sends them as application/x-www-frin-urlencode
So we copied that to the SF. Kevin helped me this morning to get this working. But we’re gettting stuck when setting up the same connection in the SF
Can you also post a screenshot of the headers you are using in Postman. Postman and SF do not necessarily use the same headers.
Exact Online can also return JSON from a GET request, with the right header as documented here.
https://support.exactonline.com/community/s/knowledge-base#All-All-DNO-Simulation-header-types
For the current issue, you said you could get the new codes and that after that it didn't work correctly anymore, specifically the access_token. Is the datatype for the access token long enough? (also in the process procedures?).
Also note, Exact Online doesn't allow refreshing the access token before 9 minutes and 30 seconds are passed, according to their documentation. So always calling the OAuth Refresh Token Connector might not work.
I am also working on a small guide, to make it more clear how to use the OAuth connectors, but it might take a while for me to finish.
Hi Erwin,
here’s the screen with the headers. I’ve displayed the hidden headers as well
Dit is wat ik terugkrijg in de headers. We sturen dus geen headers mee, maar bij de output vul ik wel de procesvariabele met de headers die we terugkrijgen
| headers | [{"Key":"Content-Length","Value":"27"},{"Key":"Cache-Control","Value":"no-cache,no-store"},{"Key":"Content-Type","Value":"application/json"},{"Key":"Expires","Value":"-1"},{"Key":"Pragma","Value":"no-cache"},{"Key":"Referrer-Policy","Value":"strict-origin-when-cross-origin"},{"Key":"X-Content-Type-Options","Value":"nosniff"},{"Key":"X-Xss-Protection","Value":"1; mode=block"},{"Key":"Date","Value":"Fri, 19 Nov 2021 14:20:46 GMT"},{"Key":"Connection","Value":"close"},{"Key":"Set-Cookie","Value":"ExactOnlineClient=YbflRElZbBBKXYLhlCvSlj7hctMcpCHq7mcO8wACYt15agMdANvT07jRM73OcVh886KPECsAEu+ioKUHseMF1xj56Bb4noWvU7VjaxbjtLL1eMO+frXa9dX0wbLHaHRcJoUJAliTVCqq0Ts4dMibQId+vXWlkWXxQGAAE9/gjJ4=; SameSite=lax; expires=Mon, 31-Dec-2198 23:00:00 GMT; path=/; secure; HttpOnly"},{"Key":"Strict-Transport-Security","Value":"max-age=31536000 ; includeSubDomains ; preload,max-age=31536000 ; includeSubDomains ; preload"}] |
Can you try adding the header: [{"Key": "Accept", "Value": "application/x-www-form-urlencoded"}]
Also what authentication are you using in the SF HTTP connector?
We’ve set Nothing for the authentication type. Should we?
And tried to add the header as you suggested. I copied it exactly what you described, so including the [ and the { including/till the }] But still I’m running into an invalid request
From the green dot in postman it suggest you added authentication there. So the same request from the SF should include the same authentication. Try adding the authentication and check if the error changes.
Is this what you mean? What should I change in the SF. SHould I add setup the authentication type with Bearer token
I have only a few options there. I cannot choose the option bearer token of am I looking in the wrong place now
Authentication is something else then authorization?
Here you can find some more infomation regarding OAUTH tokens:
https://docs.thinkwisesoftware.com/docs/sf/process_flows#oauth-connectors
The link is currently down. go to docs https://docs.thinkwisesoftware.com/ and in the search bar type Oauth Flow
Here is some additional info regarding connecting to exact online:
https://support.exactonline.com/community/s/knowledge-base#All-All-DNO-Content-oauth-eol-oauth-devstep3
Dick, It’s all working at the moment. I store the expiration datetime and when expired I do a refresh token call. That works fine. That’s only one extra step in all my process flows. And indeed somehow my process flow variable was set to 250 characters and the token is 700 so that’s fixed as well.
When it all works, it’s very simple, but to find out how how to get all the headers, tokens, json, input and output parameters in the right place in the right format is quite a challenge.
I’m now setting up step by step all the endpoints. Accounts, BankAccounts, SalesEntries etc.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
