APIs

All APIs require subscription key and access token to use. Users are authenticated with OpenID Connect (OIDC) and authorized by OAuth 2.0. More information from here. It is recommended to use OAuth 2.0 Authorization Code Flow to get the required tokens.

Resource Owner Password Credentials authorization flow is also supported but in that case app and resource owner need to have high level of trust since app needs to have user credentials at hand.

Before API can be used Vitec Futursoft needs to add app definition for the usage purpose which defines available APIs, scopes and client secret. API is always used as some AutoFutur/KoneFutur user. User needs to be added and linked to AutoFutur/KoneFutur user.

OIDC metadata documents

Authorization Code flow: https://vitecfutursoft.b2clogin.com/vitecfutursoft.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signin

Resource Owner Password Credentials flow: https://vitecfutursoft.b2clogin.com/vitecfutursoft.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_ROPC

Example: Getting tokens with Resource Owner Password Creadentials flow

curl -L -X POST 'https://vitecfutursoft.b2clogin.com/vitecfutursoft.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_login' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=<username>' \
--data-urlencode 'password=<password>' \
--data-urlencode 'client_id=<client id>' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=openid https://vitecfutursoft.onmicrosoft.com/futur-apis/product:read'

Scopes

API users should include appropriate tokens in token gran request even though API may not yet enforce them. Scopes will be required in future releases.

Subscriptions

For testing and development purposes, we provide a common subscription key. This you can request from your contact person at Vitec Futursoft via email.

Production use subscriptions are granted only after the given API product has been purchased.

Subscription key should be sent in every request in Ocp-Apim-Subscription-Key header.

Example: Getting product supplier information

curl --location --request GET 'https://api.futursoft.net/product/v1/supplier/1' \
--header 'Ocp-Apim-Subscription-Key: <subscription key>' \
--header 'Authorization: Bearer <access token>'