Unauthorized Access on Getting Cashbook List

Hi Guys,

As my title says, I seem to have difficulty getting a list of my cashbooks. When I tried it in https://reckonproduction.portal.azure-api.net it worked fine, but when I tried it in the application I am working on, I got an Unauthorized error.

I also encounter this issue in Postman.

The thing is, when I tried the Heartbeat https://api.reckon.com/R1/heartbeat, I got an OK response, which I think means that I am connected. But when I proceed to get the list of my cashbooks, the Unauthorized error occurs.

Hope you can enlighten me on this one
Thanks for reading.
Good day.
Jerwin Ollica Plaquia


Simon Hutchinson, Employee

Hi Jerwin,

This sounds like a token problem based on the fact that the heartbeat is working for you. It is the only one that does not require the identity token to be sent.

Can you confirm that you are getting a token back from the identity server and then sending that within an Authorization: Bearer header?

Thanks

Simon
Hi Simon,

Yes I am getting a token back. And I am sending that to the https://api.reckon.com/R1/cashbooks together with that token with "Authorization: Bearer" header.

Here are my screenshots from Postman:
1) Response from Postman.

2) Here is the request I sent from Postman.


Thanks

Simon Hutchinson, Employee

Hi Jerwin

We have had a look at the logs and it appears you are set up for authorization code as your OAuth 2.0 process.

Please read the Authorization code documents on this page

https://reckon.helpdocsonline.com/reckon-api-authorisation-services

Can you please confirm that you are first obtaining an authorization code from the service and then using that code to retrieve an access_token from the service?

Thanks

Simon
Hi Simon, 

Yes I have followed the steps on how to get the tokens as per your documentation under the Authorization Code.

Yes I am getting an access_token together with the id_token from the https://identity.reckon.com/connect/token.


EDIT:
Oh! I just tried using the access_token in Postman, and I got the cashbook list as expected.
So that's how it is: I will be using the access_token instead of the id_token. Is this correct?

If yes, then what would really be the use of the id_token?
Is this for the refreshing of the access_token?

Will the id_token be the <<REFRESH TOKEN>> in this https://identity.reckon.com/connect/token when I am going to refresh my access_token to continue using the Reckon One API?

Simon Hutchinson, Employee

Hi Jerwin

The id_token is used when you are using the implicit flow for OAuth 2.0. As you are not using it, you do not need to use that.

To get the refresh token you can use a silent process to request the refresh_token. The process is detailed on this page

https://reckon.helpdocsonline.com/reckon-api-authorisation-services

Typical refresh token request call

To use the refresh token to obtain a new access token, you need to send another call to the service. The typical call is as follows:

URL: https://identity.reckon.com/connect/token

Type: POST

Body: grant_type=refresh_token&refresh_token=<<REFRESH TOKEN>>&redirect_uri=<<REDIRECT URI>>

After this call is successfully sent, the response will again include an access token (which is used to access the API) and a refresh token which can be used in the future to obtain another access token. The refresh token should always be recorded to ensure that you can get an updated token without the user's interaction.

If you do not have a refresh_token, it means you have not requested offline_access as part of the scopes in your initial OAuth 2.0 connection.



Thanks

Simon
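The token handling discussed in the replies above, as an added example that is not part of the original thread or Reckon's own code: it sends only the access_token as the Bearer value, keeps the refresh_token for later, and builds the refresh call with the body quoted above. The function names, the sample response and the redirect URI are constructed for illustration; client authentication for the token endpoint is not shown in the thread and is left out.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://identity.reckon.com/connect/token"   # from the thread
CASHBOOKS_URL = "https://api.reckon.com/R1/cashbooks"     # from the thread


def read_token_response(raw_json):
    """Split a token response into what is sent to the API and what is stored."""
    tokens = json.loads(raw_json)
    if "access_token" not in tokens:
        raise ValueError("no access_token in response; nothing to send to the API")
    return {
        "bearer": tokens["access_token"],        # goes in Authorization: Bearer
        "refresh": tokens.get("refresh_token"),  # None: offline_access was not requested
        "ignored": [k for k in ("id_token",) if k in tokens],  # never sent to the API
    }


def build_cashbooks_request(parsed):
    """API call carrying the access_token (not the id_token) as the Bearer value."""
    return Request(CASHBOOKS_URL,
                   headers={"Authorization": "Bearer " + parsed["bearer"]})


def build_refresh_request(refresh_token, redirect_uri):
    """Refresh call with the three body fields quoted in the thread."""
    if not refresh_token:
        raise ValueError("no refresh_token stored; request the offline_access scope")
    body = urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "redirect_uri": redirect_uri,
    }).encode()
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


# Constructed sample response; the values are placeholders, not real tokens.
SAMPLE = json.dumps({"id_token": "ID.PLACEHOLDER",
                     "access_token": "ACCESS.PLACEHOLDER",
                     "refresh_token": "REFRESH.PLACEHOLDER",
                     "token_type": "Bearer"})

if __name__ == "__main__":
    parsed = read_token_response(SAMPLE)
    print(build_cashbooks_request(parsed).get_header("Authorization"))
    # Hypothetical redirect URI; use the one registered for your application.
    refresh = build_refresh_request(parsed["refresh"], "https://app.example/callback")
    print(refresh.get_method(), refresh.full_url, refresh.data.decode())
```

Each successful refresh response should be passed through `read_token_response` again so the newly issued refresh token replaces the stored one.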
Hi Simon,

I see.
Okay okay it makes a lot more sense now.

Thanks for your help and assistance
Good day.