This may be a silly question, but how do I allow an app to login as an account owner? The system_login API call requires a clientID, which then returns a page for the client portal, not the main account.
Does every potential user who downloads the iOS app need to go in and generate an API key also?
(I’m just at the beginning of experimenting on writing a native iOS app to allow users to add clients and invoices from their iOS device.)
The API works so that you can access invoice management (create, edit, etc) without the need to log into QuickFile. More often then not, the system using the API is tied either to a system that wouldn’t need to log in (e.g. an automated task) or to an existing user system (e.g. another piece of software like a CRM).
To access the API, you would need the account number, app ID and API key for the account you wish to access. As it stands at the moment, anyone wishing to use an app would need to provide these to enable the access to their account.
So, you could have a set up flow looking like:
- User downloads app
- User provides details (API key, app ID and account number)
- App stores these securely
- Any functions such as adding a user would then be done using the stored details
It’s also worth noting that the App ID can be restricted by function, so if a user hasn’t added the required function to the ‘approval’ list, an error may be returned.
I have some samples of returned data if you require any. Please let me know.
Thanks, I’ll work with that for now.
But ideally there ought to be a way the iPhone app can log into a users QF account with their username and password, and then automatically obtain the API keys for that account once the user has authorised the phone.
It’s not really user friendly to expect a non-tech-savvy person to have to go in and create an API key, add all the API calls, then manually type in the long Application ID and API key and their account number!
Maybe a mechanism where the iPhone registers a serial number to the account, and the user then logs into the account on a PC and clicks an authorize this iPhone button?
We’re always open to improvements. If you wish, you can start a feature request topic for this, and we’ll happily take a look if there’s enough interest from the community.
We’re happy to work with you on this. I agree that having an API endpoint for key retrieval is necessary if you’re developing for other users.
I will refer this to our development team and we will aim to have something ready for you within 1 week.
Thanks. It’s going to be a week or two before I get chance to start work on it anyway!
My gut feeling for how it should work is that the user generates a code inside the web account, and uses this code with their account number to enter into the iPhone app, which can then retrieve the keys it needs without needing to enter or store the user’s password on the device. It also makes it easy for the user to revoke the iPhone access without needing to change their main password.
I agree with the flow you describe here. To make this work we really need another degree of separation on our API to recognise “partners”. A partner may then use one of these user tokens along with their partner ID and a secret key to pull the necessary credentials for each respective user.
When the end user generates a token it will setup all the prerequisites automatically and that token will be keyed to you as the partner. We then just need an endpoint for you so you can pass the token to get the user’s API credentials and then call any further methods you need.
Thinking about this in more detail, it may take a little longer than a week… although it is certainly something we could put on our near-term plan.
OK more like 2 months, but we’ve finally implemented a new API Partner module for QuickFile (more details here).
This will allow any developer to create an application (web or mobile) that can leverage the API and allow end user consumers to simply grant access directly from their QuickFile account. Furthermore we will also promote your product in our new Marketplace area.
This is still very much a beta implementation but we are on-hand to assist any early adopters with the technical guidance needed to interface with the API Partner module. Any questions please just contact one of the team or post here.