Authentication

Bearer token and Resource Owner Password Credentials

Bearer Tokens and Resource Owner Password Credentials can be created from Settings > My account in tracezilla.

Replace example-company and {access_token} including the curly brackets.

1
2
3
4

curl -X 'GET' \
  'https://app.tracezilla.com/api/v1/example-company/invoices?booked_status%5Beq%5D=pending' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {access_token}'

Get token from Resource Owner Password Credentials

Resource Owner Password Credentials lets you obtain Bearer Tokens based of a set of client credentials, username and password from a system user. The client will have the same permissions as the user that is included in token request.

To create a dedicated API-user, for the purpose of obtaining a Bearer token, navigate to Settings > My Account > API Tokens within tracezilla.

To get a Bearer token from your Resource Owner Password Credentials , replace <Client ID> and Client Secret with the values from My Account settings, and <Username> and Password with information from the user you want to connect as:

1
2
3
4
5
6
7
8

curl -X POST "https://app.tracezilla.com/oauth/token" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=password" \
  --data-urlencode "client_id=<Client ID>" \
  --data-urlencode "client_secret=<Client Secret>" \
  --data-urlencode "username=<Username>" \
  --data-urlencode "password=<Password>"

Use "access_token" from the response as the bearer access token. Example response:

1

{"token_type":"Bearer","expires_in":31536000,"access_token":"...","refresh_token":"..."}

X-CSRF-TOKEN

Custom templates

In custom templates, you can inject an ephemeral CSRF token using the system_token liquid filter.

Example javascript:

1
2
3
4
5
6
7
8
9

const CSRF_TOKEN = 'csrf';
const res = await fetch(tracezillaEndpointUrl, {
  endpointHttpMethod,
  headers: {
    "X-CSRF-TOKEN": CSRF_TOKEN,
    "Content-Type": "application/json"
  },
  body: JSON.stringify(myRequestBody)
});

Swagger API docs

An X-CSRF-TOKEN is automatically supplied as a header if you’re using the Swagger API documentation to make requests from your browser as a Power Pack supporter.

1
2
3
4

curl -X 'GET' \
  'https://app.tracezilla.com/api/v1/example-company/invoices?booked_status%5Beq%5D=pending' \
  -H 'accept: application/json' \
  -H 'X-CSRF-TOKEN: {yourCsrfToken}'