Overview
Introduction Requests Responses & Error Handling Endpoint Versioning Registration Authorisation (connecting) Endpoint AuthenticationEZICHEQ API
Introduction
The EZICHEQ API enables developers to integrate a web-based application ("app") with the EZICHEQ platform. Use this to keep your app data in sync with EZICHEQ.
For Programmers: If you are a programmer and have the tooling, you can use our openapi.json file to generate code that interfaces to our API. Search on google for OpenAPI or OAS3 or Swagger and you'll find numerous tools and services that can write this code for you, automatically. If you do you should still read the rest of this introduction. Of course you can also write code manually which is why we provide the rest of this website for you.
For Non-Programmers: If you are not a programmer, you can still work with our API via Zapier, which allows you to plug your EZICHEQ account into any one of their thousands of integrations, such as your Gmail or your Xero account. Our Zapier integration covers less functionality than our REST API does, but the basics are available and if you need more don't hesitate to contact us at info@ezicheq.com.
RESTful: Primary functionality is enabled with HTTP endpoints that operate in a RESTful fashion.
OAuth2: Authentication and Authorisation is handled in a very standard way using OAuth2 defined by RFC 6749 . You don’t need to comb through IETF standards to understand how this works as we will walk you through it, but the standard is there if you need more detail and precision.
Web Applications Only: The EZICHEQ API currently does not support smartphone apps, nor JavaScript browser apps. OAuth2 provides separate protocols and grant types for those situations which we have not yet implemented. The grant types we have implemented require us to redirect a user’s browser to a URL within your application, which is only possible if your application is a Web based application that services URLs. We may support smartphone apps and JavaScript browser apps in a future release.
Must be an EZICHEQ user: You must be an EZICHEQ user to register an app with our API. Once registered, any other EZICHEQ user can authorise your app to use the EZICHEQ API via their EZICHEQ account.
Limits and Terms
- Endpoints which list records are limited to 100 records at a time, and support paging via a 'page' parameter. Paging starts at page=1.
- API accesses may be logged. These logs are not yet available for query.
- API accesses may be throttled. Details as to the maximum rate will be supplied at a later time.
- We may disable or remove an app if we determine that it is misbehaving. Please refer to our Terms of Use.
Other Details
- No list of apps: We don’t currently list or promote connected apps — for the moment you need to start the integration process on your side.
- British spelling: Note that within the OAuth2 protocol, authorization is spelled using the American spelling (with a zed — ’z’). Within our documentation, we use the British / New Zealand spelling (with an ess — ’s’).
Requests
In general:
- GET requests fetch data and utilise URL query parameters
- GET requests with an ID fetch a specific record
- GET requests without an ID fetch a list of records
- POST requests are used to create new records, but also for other purposes
- PUT requests are used to update/modify existing records. Only the fields needing to be changed need to be supplied. (PUT is idempotent - If you make the same request many times, the result is the same as if you only did it once).
- DELETE requests are used to delete records
- OPTIONS requests are used to explore the verbs available at an endpoint
- HEAD requests are identical to GET requests, except with an empty body
- We don't service PATCH requests. Some APIs use PATCH instead of PUT for subsets of data. The EZICHEQ API uses PUT.
Responses and Error Handling
Responses are in JSON format, even if you set a different Accept header (which we currently ignore). Each response contains both a result
and an error
field, but either or both of these may be null. Each response also contains a number of metadata fields such as status_code
, status
, date
, request_method
, request_uri
and count
. You may also see a warning
field from time to time, which will contain an array of warnings.
HTTP status codes are also used. The HTTP status code can be used to determine the nature of the error so that your app can handle different kinds of errors differently.
Endpoint Versioning
Rather than version our entire API, we have chosen to version each endpoint category. This allows us to roll out updates in smaller batches. When we update an endpoint version, the existing version will generally remain operational, unless we determine that it presents a security or data integrity problem. We intend to mark deprecated endpoints as such in the openapi.json spec.
Endpoint URLs are in the format /category/version
. Versions start with the letter ’v’ followed by an integer starting from 1.
Example: /company/v1
If an ID is required, this is supplied next on the URL.
Example: /company/v1/abc-def-ghi-1234567
Registration
In order to access the EZICHEQ API, developers first need to register their App with us. This happens at the Registration page. You don’t have to wait for approval — as soon as you complete the form, registration is complete. You also have the ability to delete registrations that you create.
Registering an app does not grant it any access to the EZICHEQ API, nor does it list your app anywhere other than under your own list of apps.
During registration, you tell us:
- Your Application’s
name
- Your Application’s
redirect_uri
redirect_uri
is explained more under Authorisation (connecting)
Once you submit the registration form, we provide to you:
- A unique
client_id
- A
client_secret
- Grant Types: Authorisation Code, Refresh Token
- Authorisation Code endpoint: https://ezicheq.com/api/authorise
- Token endpoint: https://api.ezicheq.com/oauth2/token
- Refresh Token endpoint: https://api.ezicheq.com/oauth2/token
- Scope: not required; ignored if supplied
Endpoint Authentication
To authenticate to an endpoint, include an Authorization
HTTP header in bearer mode with your access_token. For example:
Authorization: Bearer 2989569f76bffd50735c1c27ad3df57b7b3b409e
You can alternatively supply the access_token as a GET or POST parameter.