API user access keys

To create an api access key for a specific user, the API expects a POST request. Unlike other API requests, an authorization header is not needed.

POST Authentication/ApiAccessKeys

Example request

{
   "username": "Quasimodo",
   "password": "VerySecretPassword",
   "officeCode": "YourBaseconeOfficeCode",
   "clientIdentifier": "81638f6b-2e84-4abb-ab61-634afb455d15",
   "clientSecret": "iaq2DGp243kYA2PcmuQYTqcQ26cBOFQ+t8U92S8JX1zZASnzwOmu680pFwVs/NPE2zoQDWzM0QSNdYRc"
}

Username, password and office code are the same credentials the user needs to log in to the Basecone Webportal. The client identifier and client secret are send by email when the client application was registered with Basecone.

Example response

{
    "apiAccessKey":"76e8a07e-db7c-47c1-bc65-f39ef600b9ad",
    "userId":"34e8a07e-db7c-78c1-bc65-f39ef611b9aE"
}

Possible error responses

Status code	Error code	Details
400	user_credentials_invalid	Credentials of specified user are not valid.
400	user_has_no_roles	User has no roles assigned to him, user should have at least one role to be able to authenticate.
400	user_locked_out	This user is temporarily locked out, due to too many failed authenticate requests.
400	client_credentials_invalid	The credentials of the specified client application are not valid.

• General
  • Authentication
  • Collections
  • Error handling
  • Optional fields
  • Common objects
• Resources
  • Access keys
  • Accounting systems
  • Authorization
  • Companies
  • Cost Centers
  • Cost Units
  • Customers
  • Documents
  • General Ledgers
  • Office
  • Periods
  • Projects
  • Suppliers
  • Transactions
  • Transaction proposals
  • Users
  • Vat Codes
  • Vat Specifications
  • Vat Periods
  • Webhook subscriptions
• Webhooks
  • Document events
  • Transaction events