Apex EDI Vendor Portal

Apex EDI API V3 Documentation

Proxy Login API (deprecated)

The proxy login API described in this page has been deprecated. The REST calls described here will still succeed, but the URL generated by the GetUrl call will only take the client to the Apex OneTouch website login page. It will no longer log the client in to the website.

The proxy login API allows the vendor to log a client user in to the Apex website without the user having to provide credentials. The vendor does this by calling an Apex API to obtain a URL that will log the user in to the website. The vendor then launches a web browser with this URL.

The proxy login API consists of three calls: one to create a token for a particular client installation, one to generate the login URL using the token, and one to delete a token that is no longer needed.

API Calls

GetUrl (deprecated)

/api/v3/proxylogin/get_url?vendorSiteId=<vendorSiteId>&instanceId=<instanceId>&token=<token>

This call has been deprecated. Calls to it will still succeed, but the generated URL will only take the client to the Apex OneTouch website login page. It will no longer log the client in to the website.

This call is made to obtain the URL that will log the client in to the Apex website. The URL contains a one-time-use token that is good for one login. The embedded token expires after a limited time, so the URL must be used immediately.

The caller must supply a token that was generated earlier by a call to CreateVendorInstanceToken for a particular instance ID. Note that since the token is included in the URL, it must be URL-encoded to escape characters that are not legal in URLs.

Curl Example

481C70ED-F364-48B2-AF51-373AFB5D0763 curl -X POST https://sandbox.services.apexedi.com/api/v3/proxylogin/get_url?vendorSiteId=<vendorSiteId>&instanceId=<instanceId>&token=<token>
--header "Authorization: Basic <vendorkey:vendorPassword as base64 encoded string>"
--header "Content-Type: application/json"

Responses

Login URL Successfully Returned:

  • HttpStatusCode: 200 (OK)
  • Body:
    {
  "resultCode": 0,
  "errorMessage": "",
  "url": "http://onetouch.apexedi.com/secure/Login.aspx?vendor_sessionid=cMVeqjSNiD%2fHzPC5UxP%2bRgP8dy5%2bYgKT%2bXQiIWewk9M%3d"
}

Invalid Credentials:

  • HttpStatusCode: 404 (Not Found)
  • Body:
    101: Invalid or unknown vendor credentials or vendor not authorized.

Instance Is Disabled:

  • HttpStatusCode: 200 (OK)
  • Body:
    {
  "resultCode": 3,
  "errorMessage": "The user name or token is invalid.",
  "url": ""
}

Proxy Login Is Disabled For Vendor:

  • HttpStatusCode: 200 (OK)
  • Body:
    {
  "resultCode": 3,
  "errorMessage": "The user name or token is invalid.",
  "url": ""
}

No instanceId Parameter Supplied:

  • HttpStatusCode: 404 (Not Found)
  • Body:
    {
  "Message": "No HTTP resource was found that matches the request URI 'http://sandbox.services.apexedi.com/api/v3/proxylogin/get_url?vendorSiteId
=XYZ&token=VMoGogdUAOA9XstblIDFAa%2b7Zf%2f1MBHVHdcB%2fkCh4cE%3d'.",
  "MessageDetail": "No action was found on the controller 'ProxyLogin' that matches the request."
}

Incorrect Token:

  • HttpStatusCode: 200 (OK)
  • Body:
    {
  "resultCode": 3,
  "errorMessage": "The user name or token is invalid.",
  "url": ""
}

CreateVendorInstanceToken

/api/v3/proxylogin/create_instance_token?vendorSiteId=<vendorSiteId>&instanceId=<instanceId>&instanceName=<instanceName>

This call is used to obtain a client-instance-specific token that is required for a subsequent call to GetUrl. The token is highly sensitive and should be protected as strongly as possible by the vendor, via encryption, etc. The intent is for there to be one such token for each computer on which the vendor's software is installed, so that there is no need to transport the token to other computers belonging to the same client. It is suggested that the vendor software should acquire and securely store the token locally after the vendor software is installed.

The instance ID must be supplied to identify the particular instance of the vendor software with which the token is to be associated. An instance name must also be supplied. The instance name is simply a string to help identify the instance if it ever becomes necessary to communicate with Apex about the token. The instance name can be anything to identify an instance such as Buckner Boulevard office or JANET-PC.

The instance ID is a GUID, which consists of 32 hex characters in five groups separated by hyphens, e.g., 01CE7300-140D-499F-A5A7-F2316879C07E. The GUID must be unique among all the instances for a particular client. It is recommended to simply make the GUID globally unique.

Curl Example

curl -X POST https://sandbox.services.apexedi.com/api/v3/proxylogin/create_instance_token?vendorSiteId=<vendorSiteId>&instanceId=<instanceId>&instanceName=<instanceName>
--header "Authorization: Basic <vendorkey:vendorPassword as base64 encoded string>"
--header "Content-Type: application/json"

Responses

Token Successfully Returned:

  • HttpStatusCode: 200 (OK)
  • Body:
    {
  "token": "0/T1+ynfgKFbRyYa1WSvapWyUXejr/59lQLHF6apCrE=",
  "resultCode": 0,
  "errorMessage": ""
}

DeleteVendorInstanceToken

/api/v3/proxylogin/delete_instance_token?vendorSiteId=<vendorSiteId>&instanceId=<instanceId>

This call is used to delete an instance token that will no longer be used.

Curl Example

481C70ED-F364-48B2-AF51-373AFB5D0763 curl -X POST https://sandbox.services.apexedi.com/api/v3/proxylogin/delete_instance_token?vendorSiteId=<vendorSiteId>&instanceId=<instanceId>
--header "Authorization: Basic <vendorkey:vendorPassword as base64 encoded string>"
--header "Content-Type: application/json"

Responses

Token Successfully Deleted:

  • HttpStatusCode: 200 (OK)
  • Body:
    {
  "resultCode": 0,
  "deleted": true,
  "errorMessage": ""
}