Base URL: /v2, Version: 2017.40
This document describes the public endpoints exposed by the Onea Mobile App API. The default host implementing this API can be found at https://app-api.onea.be.
User authentication
| Operation | Description |
|---|---|
| POST /v2/auth/login | Login a user into a given environment |
| POST /v2/auth/logout | Log out a logged in user and invalidate an access token |
| POST /v2/auth/register | Registers a new user |
| POST /v2/auth/connect/{companyInviteKey} | Connects an authenticated user to a company |
API maintenance information
| Operation | Description |
|---|---|
| GET /v2/maintenance/message | Get the current active maintenance message. |
Control and manage information about companies
| Operation | Description |
|---|---|
| GET /v2/companies | Get all public company data for companies that match given criteria |
| GET /v2/me/companies | Get a list of all companies the user has access to |
| POST /v2/me/companies/{companyId} | Update an existing company |
| GET /v2/me/companies/{companyId}/suppliers | Get a list of all the suppliers for a given company. |
| POST /v2/me/companies/{companyId}/upload-image | Upload a new image to the given company |
Control and manage information about invoices
| Operation | Description |
|---|---|
| GET /v2/me/companies/{companyId}/invoices/incoming/{invoiceId}/attachments/{attachmentId}/download | Download a PDF attachment for a given invoice |
| GET /v2/me/companies/{companyId}/invoices/incoming/{invoiceId}/validating/resync | Resync all validating incoming invoices |
Users with a valid access token can be given access to a company by connecting to the company using a unique company invite key. An invite key gives access to one company only and can be used by multiple users, but can expire due to a manual action or after a certain time period has been reached.
| X-Onea-Auth-Token | A valid access token |
header | string | |
| companyInviteKey | A valid unique invite key |
path | string |
application/json
The user was succesfully connected to the company.
application/json
The body should contain a JSON object which specifies the environment against which the user should be authenticated, the username of the user and the password of the user.
application/json
The user was successfully logged in. The response contains an access token which can be used for authorization in further requests.
application/json
The body should contain a valid access token of a logged in user
The user was successfully logged out and the given access token has been invalidated.
application/json
JSON object containing the username, password and email for the new user
The user was successfully registered and can now log in.
| vatNumber | VAT number of the company |
query | object |
application/json
Returns a list of public company data for all companies that match the given criteria.
Whenever the users need to be warned about maintenance on the applicaiton (i.e. possible downtime), the maintenance message will be set and can be retrieved via this endpoint.
application/json
Operation success. The body contains a JSON object with the current active maintenance message. In case no maintenance message is currently set, the value of the message property is null.
| X-Onea-Auth-Token | A valid access token |
header | string |
application/json
Returns a list of all companies the user with the given access token has access to.
application/json
| X-Onea-Auth-Token | A valid access token |
header | string | |
| companyId | Id of an existing company |
path | string |
application/json
The company was succesfully updated.
Allows you to download the PDF attachment for a given invoice. Note that this method requires a valid access token in order to download the file which can be set via the X-Onea-Auth-Token header. Alternatively, in cases where headers can not be set (e.g. HTML <a> tags), you can also specify the token via the query parameter token.
| X-Onea-Auth-Token | A valid access token |
header | string | |
| token | A valid access token |
query | string | |
| companyId | Id of an existing company |
path | string | |
| invoiceId | Id of an existing invoice |
path | string | |
| attachmentId | Id of an existing attachment |
path | integer |
application/pdf
Download was successful. The response body contains the raw binary data of the requested PDF file.
Forces a resync with the source environment of all incoming invoices with the status VALIDATING of the company with the given companyId.
| X-Onea-Auth-Token | A valid access token |
header | string | |
| companyId | Id of an existing company |
path | string |
application/pdf
Resync was successfully triggered. Note that the resync is performed asynchronously and that the resync might not yet have finished.
| X-Onea-Auth-Token | A valid access token |
header | string | |
| companyId | Id of an existing company |
path | string |
application/json
Returns a list of all the suppliers for the given company.
application/json
| X-Onea-Auth-Token | A valid access token |
header | string | |
| companyId | Id of an existing company |
path | string |
Image uploaded succesfully.