This article covers, how you can complete the Oauth authorization flow from ItsaCheckmate portal.
Overview
Before your application can access private data for any location using ItsaCheckmate APIs, it must obtain an access token that grants access to that API.
This document will cover how to make an authorization request to obtain a one time verification code, which you have to use in the Get Access token API to generate your access token. You can then use that access token in your request headers to access ItsaCheckmate APIs.
The location for which you have requested authorization will be associated to your access token and you do NOT need to send that explicitly in any of the APIs.
Step 1 - Visit the Market Place page
On the market place page, you can see the Oauth application you just created under the Third Party Applications Section
Since the Authorization process is not yet started, you will see the authorization state will display Authorization Required
Click on the Authorize button
When clicked, you will see this popup.
As the above screenshot says, user will have access the location provided in the request, its menus and will be able to place orders on that location.
You can click on Cancel to close this popup and halt your authorization flow.
Step 2 - Users are redirected to your redirect URI with a verification code
Once you click on authorize, the user will be redirected to the redirect URI shared by you in the authorization request along with a verification code. This verification code can only be used ONCE
to request an access token and a refresh token.
Once your application receives the verification code on your redirect/callback URI, you'll have to request for a new acess token via the Get Access Token API.
The Get Access Token API will return you an Access Token and a Refresh token. Access tokens do expire over time so to renew them, you'll have to use the refresh token by the Refresh Token API. Your application will be responsible for saving the access and refresh tokens associated to the user profile against each location. For every location you want access for, you need to generate seprate pair of tokens.
Once you have the access token, you can send it in the headers in any of the APIs related to location.
Step 3 - Get the Location
If you visit the Market place page again, then you can see the authorization state will be changed to In progress
At this point of time, you are now able to call the Get Location API to get more detailed information about your location.
At any point of time after the authorization state has been moved to In progress, you can click Disconnect to destroy your current access tokens and start over from step 2
Step 4 - Activating the Location
After you've successfully generated your access token, in order to access the Get menu and Submit order APIs for the location, you first need to authorize/active the location. This is the very first API you will hit before starting to use any of the subsequent APIs. If you've not activated your location, you will receive Location not authorized in the menu and order APIs.
On the Market place page, you will now see that the authorization state will be changed to Authorized
Step 5 - Access the APIs
Now that you've generated your access token and successfully activated your location, you can start exploring ItsaCheckmate APIs. There are 3 major APIs to work upon
- Get Location - This API will give you details of the location. Refer Get Location for more details.
- Get Menu - This API will give you the menu of the location for a particular order source. Refer Get Menu for more details.
- Submit Order - This API will be used when you are submitting an order against your location for a particular order source. Refer Submit Order for more details.