Public Apps
This section is for Brightpearl registered developers. If you're a Brightpearl customer building an app for
your own account, see the next section.
We assume you know the account code and datacentre of the Brightpearl customer account you wish to connect to, and
for system apps, you also have an account token for the account. Read Brightpearl's documentation to find out how to
get this information.
1) Create app identity
The PublicAppIdentity
object identifies your app. It can be reused for all API sessions; you only need
to create it once regardless of how many Brightpearl accounts you are working with. You don't need to supply your
developer secret if you will sign the account tokens yourself, or if you are only using staff authentication.
Never include your developer secret in a distributed binary e.g. a mobile or desktop app!
PublicAppIdentity appIdentity = PublicAppIdentity.create(
"codemonkeys",
"YmIwYWFlNjBjZGRmY2UxMw==",
"quickinvoice");
2) Create authorisation object
There are two types of authorisation, system and staff, corresponding to Brightpearl's app types. System authorisation
requires an account token which you must get from Brightpearl when the customer installs your app. Staff authentication
requires a staff token, which you can request using the staff member's login details.
// Define customer account.
Account account = new Account(Datacenter.EU1, "visalia");
// SYSTEM AUTH
// Create system authentication object. As long as you included your developer
// secret in the app identity, you can supply signed or unsigned account tokens.
PublicAppAuthorisation systemAuthorisation = PublicAppAuthorisation.system(
appIdentity,
new Account(Datacenter.EU1, "visalia"),
"53f5d01f-4795-40df-acc0-d15b4c8e91fc");
// STAFF AUTH
// Define staff credentials.
UserCredentials credentials = new UserCredentials("sarah@visalia.co.uk", "sesame");
// Request a staff token using provided credentials.
String staffToken = client.fetchStaffToken(
appIdentity,
account,
credentials);
// Create an authentication using this token. Your developer secret is not required.
PublicAppAuthorisation appAuthorisation = PublicAppAuthorisation.staff(
appIdentity,
account,
staffToken);
You can now use the authorisation object with your
BrightpearlApiClient
instance. See
making requests
for more information.
Private Apps
This section is for Brightpearl customers creating an app for their own account. If you're a registered developer,
please see the section above.
1) Create app identity
The PrivateAppIdentity
object identifies your app and account.
// Create your app identity (valid for all sessions).
PrivateAppIdentity appIdentity = PrivateAppIdentity.create(
new Account(Datacenter.EU1, "visalia"),
"visalia_quickinvoice");
2) Create authorisation object
There are two types of authorisation, system and staff, corresponding to Brightpearl's app types. System authorisation
requires the account token that was generated when you created your private app. Staff authentication requires a staff
token, which you can request using the staff member's login details.
// SYSTEM AUTH
// Create system authentication object for your app and account. Use the token
// shown in the Brightpearl private apps page.
PrivateAppAuthorisation appAuthorisation = PrivateAppAuthorisation.system(
appIdentity,
"53f5d01f-4795-40df-acc0-d15b4c8e91fc");
// STAFF AUTH
// Define staff credentials.
UserCredentials credentials = new UserCredentials("sarah@visalia.co.uk", "sesame");
// Request a staff token using these credentials.
String staffToken = client.fetchStaffToken(
appIdentity,
credentials);
// Create an authentication using this token.
PrivateAppAuthorisation appAuthorisation = PrivateAppAuthorisation.staff(
appIdentity,
staffToken);
You can now use the authorisation object with your
BrightpearlApiClient
instance. See
making requests
for more information.
Legacy authentication
Brightpearl's legacy method of authenticating API calls will be removed in the future. We recommend registering as a
developer and using the new methods above.
The BrightpearlLegacyApiSession
class is provided for developers still using the old method of
authentication. Each instance of this class is specific to the Brightpearl account it was created for.
This class provides the same interface as BrightpearlApiClient
for making API requests, and fetches
auth tokens for you. By default it also handles renewal of authentication tokens automatically when they
expire after a period of inactivity. Authentication exceptions will only be thrown if a new token cannot be fetched,
usually because the staff member has changed their password.
The factory class will create a session instance wrapping with a default BrightpearlApiClient
instance,
which you can override by providing your own if you need.
Account account = new Account(Datacenter.EU1, "visalia");
UserCredentials credentials = new UserCredentials("sarah@visalia.co.uk", "sesame");
BrightpearlLegacyApiSession session = BrightpearlLegacyApiSessionFactory.newApiSessionFactory()
.withAccount(account)
.withUserCredentials(credentials)
.newApiSession();
At this point, the session will not be authenticated; an authentication token
will be requested when you make your first request or you can request one
manually.