Authentication Flow step-by-step

1. Submitting Your Information To Us

Before you can authenticate, we need some information from you so that we can create the User account you will use to access our API.
Fill out our Google Form Here to begin.

❗️

If you have already completed this step, do not submit again!

Once your submission has been received, we will create your User account and send a OneTimeSecret link to the email address specified in the Google Form. The link contains your:

  • client_id
  • client_secret
  • Username
  • Password

📘

Your Username and Password will be used both for accessing your Backoffice account and for authenticating your API in the following steps.


2. Creating Your Code Challenge

Our authentication requires you to use a code challenge and a code verifier.
Navigate to This Link to generate your code_verifier and code_challenge.

Once you have opened the link above, you will be presented with 2 buttons.
Press Generate Code Verifier FIRST, then click Generate Code Challenge.

🚧

Be sure to save both your code_verifier and code_challenge for upcoming steps.

3. Acquiring your State String

Our auth flow requires a state parameter to be included in order to authenticate.

You can either manually create a string of 20+ random alphanumeric characters, or simply use this link to auto-generate one for you:

https://www.random.org/

The link above will present you with a properly formatted random string. Simply copy/paste that value and you're good to go.

🚧

Save the generated state string for upcoming steps.


4. Acquiring Your Code Parameter

In your desired browser (we recommend Firefox), enter the following URL in your search bar:

https://accounts.lightspeed.app/authorize?response_type=code&client_id=YOUR_CLIENT_ID&scope=openid%20profile%20offline_access%20other.scopes&redirect_uri=YOUR_REDIRECT_URL&state=RANDOM_STRING_OF_NUM+LETTERS&code_challenge_method=S256&code_challenge=YOUR_CODE_CHALLENGE

Replace the values after client_id=, redirect_uri=, state=, and code_challenge= with your unique values acquired throughout this setup.
Press enter and you will be presented with a Login Page.

Fill it in with the Username and Password you acquired from the OneTimeSecret link emailed to you.

Upon a successful login, you will be automatically redirected to a Consent page.


Upon consent, you will be redirected again, this time to the Callback URI with your code and state parameters appended to the end of the URL.
Example URL below:

<YOUR_CALLBACK_URL>?state=rrt-8458678357857224472-d-gea1-3863-11839356-1&code=aBcDeFG12

Save both the code and state values.

📘

At this point of the setup you should have the following data:

  • client_id
  • client_secret
  • Username
  • Password
  • callback uri
  • code_challenge
  • code parameter
  • state

5. Access and Refresh Token

You are now equipped with the credentials necessary to acquire your Access and Refresh tokens.
The following example uses Postman, but the same request can be made with many other API testing apps.

Your Authorization must be set to the Basic Auth type, with your client_id and client_secret as the credentials (see the -u option in the cURL snippet below).


Fill out your Body with the fields shown in the -d line of the cURL snippet below.

Below is the cURL code snippet for this request if you would rather import this into your test app:

curl -X POST \
  https://accounts.lightspeed.app/oauth/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -u 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' \
  -H 'cache-control: no-cache' \
  -d 'grant_type=authorization_code&redirect_uri=YOUR_REDIRECT_URI&code_verifier=YOUR_CODE_VERIFIER&code=YOUR_RETURNED_CODE'

Upon a successful POST, you will be given back your access_token and refresh_token.

📘

If you have any questions about this Authentication Flow, please email us at [email protected]