Authentication and tokens

Tokens

The Tripletex API uses 3 different tokens:

consumerToken is a token provided to the consumer by Tripletex after the API 2.0 registration is completed.

employeeToken is a token created by an administrator in the Tripletex account you want to access via the user settings and the tab “API access”. Each employee token must be given a set of entitlements. Read more about the process here.

sessionToken is the token you create from /token/session/:create which requires a consumerToken and an employeeToken created with an application matching the consumer token.

Authentication is done via Basic access authentication.

  • Username is used to specify what company to access.
    • 0 (zero) or blank means the company of the employee, employee here meaning the owner of the employee token.
    • Any other value for username means accountant clients. Use /company/>withLoginAccess to get a list of those. More info about these tokens can be found here.
  • Password is the sessionToken.

If you need to create the header yourself, use Authorization: Basic <encoded token>, where <encoded token> is the string <target company id or 0>:<your session token>, Base64 encoded.

Accessing accountant clients via an accountant's employee token

In Tripletex an accountant can get access via their own company to a client's account, so they may switch to the client's company without logging out and back in to another company. In these cases the accountant may have created a single employee token for use with several clients.

This is intended for year-end software integrations and other software that the accountant uses for several clients. It requires your integration to be able to handle these types of tokens, as they authenticate slightly differently.

An accountant's session token authenticated with username 0 will only have access to GET company/>withLoginAccess and GET token/session/>whoAmI. This means that if an accountant wants to use the same integration for their own company, they will need to create a separate employee token that is not set as an accountant token.

When an accountant creates an accountant's employee token, they give this token access to the clients that they wish to use the integration with. Once this is done, the given company will be visible via GET company/>withLoginAccess, and from here you can authenticate with username=companyId and password=sessionToken. The sessionToken does not change at any point during the authentication. The companyId will also always be the same for the same account.
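
The header format described under "Tokens" and the per-client authentication described above, as an added Python example (not Tripletex's own code). The function names, the token value and the company ids are constructed for illustration; redact_for_log is a hypothetical helper showing how to keep the session token out of logs, since Base64 is only an encoding.

```python
import base64
import binascii

def basic_auth_header(session_token, company_id=0):
    """Authorization value: Base64 of '<company id or 0>:<session token>'."""
    if isinstance(company_id, bool) or not isinstance(company_id, int) or company_id < 0:
        raise ValueError("company_id must be a non-negative integer")
    # Refuse empty tokens and whitespace/control characters (CR/LF would
    # let a corrupted token split the header line).
    if not session_token or any(c.isspace() or ord(c) < 0x20 for c in session_token):
        raise ValueError("session token is empty or contains whitespace")
    raw = f"{company_id}:{session_token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic_auth_header(value):
    """Decode a header value back into (company_id, session_token)."""
    scheme, _, encoded = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    username, sep, token = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between company id and token")
    # Blank username means the same as 0: the employee token owner's company.
    return (int(username) if username else 0), token

def redact_for_log(value):
    """Base64 is reversible, so log the company id but never the token."""
    company_id, _token = parse_basic_auth_header(value)
    return f"Basic <company={company_id}, session token redacted>"

def headers_for_clients(session_token, client_ids):
    """One header per accountant client; the session token stays the same."""
    return {cid: basic_auth_header(session_token, cid) for cid in client_ids}

if __name__ == "__main__":
    token = "example-session-token"   # constructed placeholder, not a real token
    clients = [1001, 1002]            # constructed company ids
    for cid, header in headers_for_clients(token, clients).items():
        print(cid, redact_for_log(header))
```

In a real integration the client ids would come from GET company/>withLoginAccess rather than a hard-coded list.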
