Access to the API is controlled by authentication and authorization permissions in coreplus. Each consumer application of the coreplus API is provided with a Consumer Id, Consumer Secret and an Access Token for authentication. The API URL, and consumer details (Consumer Id & Consumer Secret) can be found when setting up your add-on application as per the Create a coreplus add-on page
It is essential for security that you do not disclose your consumer application details to anyone outside of your team.
This API is intended for server to server transactions and is not suitable transactions directly with end user mobile or desktop applications. The API should not be called by in browser scripts. It is expected that API calls would be made by a backend service on server which may be connected to a UI.
- The API request will be directed to the appropriate URL for the requested endpoint. All communication with the API is done over HTTPS.
- The request should include an authorization header (for the purposes of this header it’s essentially a dictionary with 2 fields). The first field of the authorization headeris a key named “Authorization” and a value with an authorized Json Web Token ( https://en.wikipedia.org/wiki/JSON_Web_Token ) identifying the Consumer. The second field of the authorization header will have the key “content-type” and a value of “application/json”
The following is an example of a location GET request using the Python Request library directed towards the sandbox server.
*Note that the URL mentioned below may be a different version to the current version. Please refer Current API Version