shoeboxed / api Goto Github PK

View Code? Open in Web Editor NEW

14.0 14.0 5.0 416 KB

Official API documentation for integrating with Shoeboxed https://www.shoeboxed.com

api's People

Contributors

Stargazers

Watchers

Forkers

why-not-sky sb-australia pierrickpuimeanchieze slixxkilla theo-armour

api's Issues

Prebuild Python API client

It would be very useful to be able to get the Python API client for the swagger via PyPI

Ability to filter list of documents by modified

When requesting documents via /accounts/{account}/documents/ it would be useful to filter where Document.modified >= fromModified (DateTime)

Issue refresh tokens [OAuth 2]

We currently issue only long-lived access tokens (1 year expiration date). This means after a year has passed, a user will need to re-authorize API apps they are using.

We intend to offer refresh tokens to enable API apps to automatically refresh old access tokens server-side. We've run into a bug with our OAuth2 provider that seems to be preventing refresh tokens from being issued.

Once issue is resolved with our OAuth 2 provider, we'll get refresh_tokens added ASAP and update documentation.

enable 'implicit grant' type [OAuth 2.0] by default

Ability to specify sort order for list of documents

When requesting documents via /accounts/{account}/documents/ it would be useful to be able to specify a sort order. For example, by Document.modified or Document.issued

How to initiate Shoeboxed Swagger UI?

I am trying to initiate the Shoeboxed Swagger UI at:

https://api.shoeboxed.com/v2/explorer/index.html

The goal is to fill the input with "OAuth Client ID" as placeholder text with the correct data.

Here is what I am doing:

Create a test app at https://app.shoeboxed.com/member/v2/settings#api with a redirect url of https://api.shoeboxed.com/v2/explorer/o2c.html. I have received an ID and secret.

Use the ID to obtain a credential using:

https://id.shoeboxed.com/oauth/authorize?client_id=<client id>&response_type=code&scope=all&redirect_uri=https://api.shoeboxed.com/v2/explorer/o2c.html&state=012345678

An error is reported in the JavaScript console, but there is an entry for a credential:

https://id.shoeboxed.com/oauth/authorize?client_id=d54fcdae881d4ee490e43a856ff90135&response_type=code&scope=all&redirect_uri=https://api.shoeboxed.com/v2/explorer/o2c.html&state=01234567888

Use this credential to create the following curl:

curl -v -XPOST https://id.shoeboxed.com/oauth/token -d code=<credential> \
-d grant_type=authorization_code --data-urlencode \ redirect_uri='https://api.shoeboxed.com/v2/explorer/o2c.html' -u <id>:<secret>

The curl receives the following error:

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 35.238.229.109:443...
* TCP_NODELAY set
* Connected to id.shoeboxed.com (35.238.229.109) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; CN=*.shoeboxed.com
*  start date: Jun 21 16:54:22 2019 GMT
*  expire date: Aug 20 18:19:03 2020 GMT
*  subjectAltName: host "id.shoeboxed.com" matched cert's "*.shoeboxed.com"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user '30d0e270a0e64429a9b9bc6adb9b8229'
* Using Stream ID: 1 (easy handle 0x26130b0)
> POST /oauth/token HTTP/2
> Host: id.shoeboxed.com
> Authorization: Basic MzBkMGUyNzBhMGU2NDQyOWE5YjliYzZhZGI5YjgyMjk6endndzY2aUJVTDMyaW9xS1RJS1EzLktleW00bzlKRDBkYk1nRi9oQjBIUlZ3N04zeHZ0dEs=
> User-Agent: curl/7.65.3
> Accept: */*
> Content-Length: 139
> Content-Type: application/x-www-form-urlencoded
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
< HTTP/2 400
< server: nginx/1.14.0 (Ubuntu)
< date: Sat, 05 Oct 2019 23:26:55 GMT
< content-type: application/json; charset=utf-8
< content-length: 76
< x-frame-options: DENY
< x-permitted-cross-domain-policies: master-only
< x-xss-protection: 1; mode=block
< content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'
< x-content-type-options: nosniff
<
{"error":"invalid_request","error_description":"invalid authorization code"}* Connection #0 to host id.shoeboxed.com left intact

What should I be doing to get the Swagger UI to run as it should?

Request to get list of document returns type = unknown;

Request to get list of document returns type = unknown; now. Is it intended to be so?

Request with invalid access token

Request with invalid access token returns strings response, but before it was JSON result with error_description parameter.

API explorer doesn't put document parameter into HTTP body

More information on implicit grant flow

I am trying to developp a personnal productivity tool using Shoeboxed API, but it seems that only the authorization code is documented. More information about the implicit grant flow would be nice.

Also, more information on the expected header of the request would be nice, instead of curl command.

Support equivalent of "ConvertedTotal" from APIv1

APIv1 provided two options for getting document Total and Tax - documentTotal (used in conjunction with documentCurrency) and convertedTotal (used in conjunction with accountCurrency). APIv2 should also support this.

Unable to update categories of a document

I am trying to update the categories of a document, using Swagger (more specifically, using this method, but I get a malformed Json error with a 400 status code.

Request URL

https://api.shoeboxed.com:443/v2/accounts/1809343498/documents/58779bd28850c1bc73f20f4a/

Request Body (as pasted in swagger)

{
  "categories": [
    "Office"
  ]
}

Response Body

{
  "code": "MALFORMED_JSON_ERROR",
  "reason": "The HTTP message body couldn't be parsed as JSON.",
  "details": []
}

I am quite lost here, because the JSON pasted seems to be correctly formatted.

Can't create document with document parameter

I upload file with following request:

Headers:

Accept = "application/json";
Authorization = "Bearer ***";
"Content-Type" = "multipart/form-data; boundary=063E0C37-2888-45F6-8E1B-9B380EA2337A";

Body:

--063E0C37-2888-45F6-8E1B-9B380EA2337A
 Content-Disposition:form-data;name="attachment";filename="Test document.pdf"
 Content-Type:application/pdf

 //file_content
 --063E0C37-2888-45F6-8E1B-9B380EA2337A
 Content-Disposition:form-data;name="document"
 Content-Type:application/json

 {"name":"aoeu"}
 --063E0C37-2888-45F6-8E1B-9B380EA2337A--

And the result is MALFORMED_JSON_ERROR:

  {
     code = "MALFORMED_JSON_ERROR";
     details =     (
      );
     reason = "The HTTP message body couldn't be parsed as JSON.";
   }

Although If I don't put any JSON inside request it works just fine. Can you please show me any example of correct request?

How to distinguish error and result?

Posting request to accounts/Account_ID/categories without JSON body returns following result:

 {
     code = "MALFORMED_JSON_ERROR";
      details =     (
     );
     reason = "The HTTP message body couldn't be parsed as JSON.";
  }

Would be nice to put it in inside error parameter.

Persistent attachment URLs

The Document.DocumentAttachment.URL response is a transient link that allows the images to be downloaded into another system. In many cases a persistent URL would be very useful.

Getting the OCR Content

This is Dave at Aestiva. Tobi asked that I post my needs here. I entered them in the priority of importance for us:
#1) We are looking at getting the raw OCR text along with the regular XML feed. This item alone will allow us to test using Shoeboxed for invoice processing.

If you can do this, we would also like the X/Y locations of the text extracted from the raw OCR text.
I understand it may be there. This would allow us to build "invoice templates" on our side -- expanding on item (1) above.

If you have any questions I'm at [email protected] Thx. -Dave