Please refer to the API documentation section for the most up-to-date information
https://developer.finaleinventory.com/reference/start
--
The Finale Inventory API uses session-based authentication. You do not need an API key or special code to access the API, you simply use any Finale Inventory username and password to access the API. You can use a person's username and password to act on their behalf or create a special username and password for your application.
Here is an example in PHP on how to successfully log in and authenticate:
<?php
/*
USAGE:
Example call with account path component - test Authentication with Finale Inventory account via api
Replace these variables with appropriate values for your company and user accounts
Replace youraccountname below with your fianle inventory account name
Your account name is in between the slashes on your Finale Inventory log in URL.
For example your web browser URL for your account is https://app.finaleinventory.com/accountname/ enter the account name in lower case with no spaces
Replace finaleusername below with your username, the same one you log into your Finale Inventory account on the web
Replace password below with your password.
IMPORTANT NOTE: To avoid authentication issues, make sure your password does not contain special characters
*/
$host = "https://app.finaleinventory.com";
$authPath = "/youraccountname/api/auth";
$username = "finaleusername";
$password = "password";
$auth = finale_auth($host, $authPath, $username, $password);
echo "Authenticated successfully username=".$auth["auth_response"]->name."\n";
function finale_auth($host, $path, $username, $password) {
// Create curl handle with options used for all requests. Finale API authentication is cookie based, so cookies need to be enabled
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR,"");
// Login to Finale
curl_setopt($ch, CURLOPT_URL, $host.$path);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,json_encode( array( "username" => $username, "password" => $password)));
curl_setopt($ch, CURLOPT_HEADER, 1);
$response = curl_exec($ch);
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($status_code != 200) exit("FAIL: authentication error statusCode=$status_code\n");
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($response, 0, $header_size);
$body = substr($response, $header_size);
// Pull out all JSESSIONID cookie headers
preg_match_all('|Set-Cookie: JSESSIONID=(.*);|U', $header, $cookies);
// Don't return headers in future http requests to keep them simple (reuse to curl handle for automatic cookie handling)
curl_setopt($ch, CURLOPT_HEADER, 0);
return array( "curl_handle" => $ch, "auth_response" => json_decode($body), "host" => $host, "session_secret" => array_pop($cookies[1]) );
}
// Example program just tests authentication
//
?>
POST to the URL https://app.finaleinventory.com/{youraccount}/api/auth
to begin an API session. The body of the post should be as follows:
{ "username":"Frank",
"password":"thepassword"
}
If the username and password is accepted, then the server will return a 200 status code. If the username does not exist or the password is incorrect, then the server will return a 401 status code.
If successful, the server will return in the response body URLs to use to access the available resource collections:
{ "resourceFacilityUrl" : "{url},
"resourceHazardousMaterialUrl" : "{url},
"resourceInventoryItem" : "{url},
"resourceInventoryTransfer" : "{url},
"resourceInventoryVariance" : "{url},
"resourceInventoryVarianceSummary" : "{url},
"resourceOrder" : "{url},
"resourceOrderSummary" : "{url},
"resourcePartyGroup" : "{url},
"resourceProduct" : "{url},
"resourceShipment" : "{url}
}
Read (GET) access to the API requires the client include the cookie returned with the successful authentication request in the request headers for the following API requests. This may require steps in your code to so that subsequent requests to the API use the cookie returned in the authentication request (sometimes this is called setting a cookie jar for the requests).
Write (POST) access to the API requires that the client include the cookie returned both in the request header of subsequent requests and in the POST body. The cookie must be retrieved from the headers of the authentication response and then added to the POST body under the key sessionSecret at the top level of the response. See the example for more details.
Next step: Resource patterns
Comments
0 comments
Article is closed for comments.