coreplus API

The coreplus API provides access to appointment booking related end points, such as clients, practitioners, availability slots and appointments. It is a RESTful API, which utilises the HTTP verbs for creating viewing objects.

If you are a developer looking to create an external consumer server to server application for your coreplus clients, then by signing up for a sandbox account you will get access to your own trial coreplus account on our sandbox server with authorisation credentials.

FAQ

Q. I’m receiving an Invalid token error when I try to make an API call.

A. This problem is most often caused by an invalid authorisation as the error reports. Either the token you have created is incorrect or the authorisation header containing the token is incorrect. We would recommend you re-read the pages on creating a Jwtoken and Authentication carefully taking note of the specifics in the description sections. Some common causes that other developers have had previously are:

  • Not setting the nbf and exp fields of the token in UTC Unix time. At https://en.wikipedia.org/wiki/Unix_time there is an explanation of unix time and at https://time.is/Unix_time_now you can see an example of the current UTC Unix time.
  • It could be caused by not specifying the content type as “application/json” in the authorisation header
  • It can be caused by not formatting the authorisation field value correctly with a space between “JwToken” and the actual encoded jwtoken string

 

Q. I’m receiving an Invalid token error after I published my app to the production environment but it still works on the sandbox environment.

A. We receive support calls about this very frequently. In almost all cases, the developer has not updated their application to use the production environment api credentials and they are still using the sandbox credentials when trying to connect to the production url. If you are experiencing this problem we suggest you.

  1. Double check the: Consumer Id, Access Token, Secret and the URL you are connecting to. Make sure they are using the values provided to you for the production environment and not the sandbox environment. It is probably a good idea to build your app so you can easily modify these parameters to be able to adapt from one environment to another and also in the event that you want to publish your app to multiple coreplus customers.
  2.  It is always a good idea to ensure you can decode your own JwToken with the credentials you have been provided with. For example if you were using the python language as has been used for most of the examples here, you would using the following code snippet to test your token.

import jwt
jwt.decode(jwt=jwtoken, key=secret, verify=True, algorithm='HS256')

The result from this query should say Signature Verified or Signature Expired depending on whether you ran it before the expiry time used in the construction of the token. If the result is Signature Verification Failed then it means either the secret or the algorithm you are testing with, doesn’t match what you created the token with. Other programming languages will have similar functionality for decoding JwTokens.

 

Q. When I try to call one or more particular endpoints I receive the following 401 error:

{“result”=>[{“severity”=>2, “reason”=>”Not authorized for viewing <some part of the target endpoint>”}]}.

e.g. {"result"=>[{"severity"=>2, "reason"=>"Not authorized for viewing client list"}]}

A. You may not have selected sufficient permissions in the application details when you were setting up the application. In the above example there is a permission called “VIEW_CLIENTLIST”. If that was not ticked when you enabled your application, you will receive the error in the example when you try to query it.

Alternatively you may have added a permission after the application was enabled. The applications effective permissions will not be updated until you re-enable the application. Simply disable, then enable the application again and it will have the new permission set.

To locate the application details page follow the directions on https://developers.coreplus.com.au/api/overview/create-coreplus-add-connect-api/ page

 

Q. I changed the permissions in my app settings, but I’m still getting unauthorised errors when using the related endpoint?

A. After you’ve changed your application permissions from within coreplus, you will need to go to Settings > Add ons and open your app, then disable and re-enable to activate the changes. This also applies to all other changes in the app’s settings found in the Developer > Applications area. In the production environment the requirement to re-enable forces the customer to agree to the terms and conditions again, so you may want to consider updating the terms and conditions.

 

Q. The standard endpoint list is not quite returning all of the information I require, is there a way to get more information?

A. Yes we have some endpoints in addition to the standard list of endpoints that can be enabled upon request. The reason they are not enabled by default may be because the additional information may require privacy and or security agreements with us and your customer that you are creating the application for, or possibly the feature may require some customisation to be enabled in the customer’s account. So please contact our Customer Success Team at support@coreplus.com.au

Develop with us

Use the form to sign-up and start developing with coreplus today.


Please leave this field empty.