Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Documentation on the usage of the REST API can be found here: https://apidevelopers.maxxton.net/maxxton/v1com/documentation

Create REST API authentication

Access to the REST API can be configured in the Maxxton software backofficeback office

  1. In Maxxton software go to the "Back Office Integration Manager".
  2. In the menu on the left panel select "API Userusers".
  3. Scroll down and click "New API User".
  4. You can add integrations by clicking the Add integration button in the top right corner

  5. Company/user details: Fill in all fields with the details from the company that this API user will use and click "create API user". When
    Use a generic email for the company as this will probably later be used to inform on maintenance/changes to the REST API
  6. Now the API user is created , click on it and open it.
  7. Scroll down and assign the correct admin organisations.
  8. Click "Create API key"
  9. Fill in a proper description.
  10. Assign the correct distribution channel to the API key or keep it empty and we are going to configure the settings. Click "Next step" to proceed
  11. Admin organization: Choose which admin organization the new API user should have access to and click "Next step".
    You can choose to grand access to all admin organizations or select the specific 
  12. The API user is totally configured and created now. The next step is to create an API key for the API user to be used to access the REST API. Click "Create credentials" to do this
  13. Application information: Fill in the name of the application that the API key will be used for and click "Next step" to proceed
  14. Distribution channel: Assign a specific distribution channel to be used by this API key(select "Use a predefined distribution channel") or keep it empty(select "Define distribution channel in API call") to give it access to the information of all distribution channels(this means all data that is restricted to a particular distribution channel like reservations which are created by a particular distribution channel)
  15. Select the correct reservation category. This will be used to auto-select and only allow this particular reservation category to create a reservation for. In case no fixed reservation category is used, the reservation category can be kept empty and this can be provided in the create reservation calls without any limitations.
  16. Select the min-release-status, this means which data should be returned to the client based on release statuses.  When selected close it will provide access to close and all statuses up to everybody. When selected everybody it will only provide access to the everybody status. Same applies to the other release statuses in between.
  17. When finished click "create", the window will close.
  18. The created API key shows up, click the dots at the end of the new API line which you just created and click "details"
  19. Go to the "edit permissions" button
  20. Add the permissions to the different features that are needed.
  21. Now the API access is configured and .
    This means only data from the selected distribution channel will be available from the API. For example reservations, will only return the reservations created by the selected distributionchannel. Also for creating reservations only the selected distributionchannel can be used. This is the recommended way
  22. Reservation Category: Assign a specific reservation category to be used by this API key(select "Use a predefined reservation category") or keep it empty(select "Define reservation category in API call") to give it access to creating reservations with only a specific reservation category or all available reservation categories by specifying this in the create reservation request.
  23. Release status: Choose which release statuses should be accessible from the specific API key. The lower the status the more data will be returned.
  24. Permissions: Choose the permissions for the API key. This will give access to the API endpoints using the provided permissions. In this way, you can limit the data available for the API key. 
    - For each permission there are 4 options: GET, PUT, POST and DELETE. The GET is to fetch(GET) data from the API, PUT will give the possibility to update existing data, POST will give the possibility to create new data(for example new reservations), DELETE will give the possibility to delete existing information.
    - By clicking on the top icons you can give access to all endpoints at once.
  25. After selecting all the permissions the API key should have access to click "Create credential" to create the API key.
  26. You will be provided with the client_id, API key, concern id, and an example authentication call. This can be used to authenticate to the API. See for more details on authenticating the documentation
  27. Click close to close the wizard and the API user and the key is available and can be used by the company/user who is going to build something against the Maxxton REST API.

FAQ:

  • The API key configured on the production environment is copied to the acceptance environment whenever that environment is refreshed. This means you can use the same API key for both environments if the production environment was copied to the acceptance environment. Before a refresh has taken place the keys need to be created manually on both environments separately(also the API keys will be different if created manually)
  •  After the API access is configured, the application can authenticate using: https://

...

...

...

  • _oauth2
    1. The client_secret is the "API key" which was generated in the Integration Manager and can be found by selecting an API user, select a specific "Credential". This is the "Api key" on the top
    2. The client_id is the "Client Id" which was set in the Integration Manager and can be found by selecting an API user. This is the "Login/client id" on the top
    3. The scope/concern code is the code in the URL of the environment, for the production environment, this is the part before the . from the subdomain of mxt.maxxton.net and for the test environment the part without the -test.maxxton.net
  • For other questions please contact our API support: api@maxxton.com