EXACT API v1.0

The Exact API exposes a set of endpoints to enable integration with external partners. An onboarding process must be followed to provide new partners with access to the API.

Note

This API is only supported on Exact versions 13.842 and above.

Authentication

The API authentication follows the OAuth 2.0 Client Credentials grant flow for protecting API resources.

The general sequence for authentication is:

The caller requests an access token from the authorization server using the Client Id and Client Secret issued to you by HSO along with the scopes required for subsequent API requests.
The Identity server verifies Client Id and Client Secret and issues an access token to the caller if verification succeeds.
The caller receives the issued access token to use for subsequent API calls to access resources.
The access token is used on all calls to the API as a header (Bearer Token)
- Parameter Name: Authorization, in: header. JWT Bearer Token.

Requesting a Token

As the HSO Identity Server implements the OIDC standard, all the information related to the authentication process can be obtained through the endpoint .well-known/openid-configuration.

To request a token, the ClientId and ClientSecret must joined by a colon (ClientId:ClientSecret), encoded in Base64, and passed as a Basic authentication header.

import http.client

conn = http.client.HTTPSConnection("qa-auth.softwareofexcellence.com")
payload = 'grant_type=client_credentials&scope=appointment.list%20practice.get'
headers = {
  'Authorization': 'Basic [base64(clientId:clientSecret)]',
  'Content-Type': 'application/x-www-form-urlencoded'
}
conn.request("POST", "/connect/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

curl --location 'https://qa-auth.softwareofexcellence.com/connect/token' \
--header 'Authorization: Basic [base64(clientId:clientSecret)]' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=appointment.list practice.get'

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://qa-auth.softwareofexcellence.com/connect/token");
request.Headers.Add("Authorization", "Basic [base64(clientId:clientSecret)]");
var collection = new List<KeyValuePair<string, string>>();
collection.Add(new("grant_type", "client_credentials"));
collection.Add(new("scope", "appointment.list practice.get"));
var content = new FormUrlEncodedContent(collection);
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());

Authority Servers

Each environment has its own authority server. Make sure the right authority server is used for QA and Prod.

Environment	Url
QA	`https://qa-auth.softwareofexcellence.com/connect/token`
PROD	`https://auth.softwareofexcellence.com/connect/token`

Tip

Although this documentation lists all APIs in an alphabetical order, it is recommended that one starts with the Subscriptions API, as it provides the list of practices that subscribed to your product.

Endpoints

Environment	Url
QA	`https://qa-api.ex.softwareofexcellence.com`
PROD	`https://api.ex.softwareofexcellence.com`