Staff Token POST

URI

https://{DATACENTER}.brightpearl.com/{ACCOUNT}/authorise

Description

This method is used to fetch an account staff member's authentication token, in exchange for their email address and password. For this method to successfully return a token:

  • The app must be installed and enabled in the account
  • The app must not be suspended or archived
  • The app must have the distribution type staff
  • The account administrator must authorize the staff member to use the app
  • The staff credentials must be valid

Note that staff members do not need the API permission to fetch their staff token; this is overridden by the explicit authorisation to use a given app.

Headers are required to identify the app. Both public and private apps must send their app reference in a header named brightpearl-app-ref. Public apps must also send their developer reference in the brightpearl-dev-ref header.

Example

Fetch a staff token from the account acmewidgets.

Request URI

/acmewidgets/authorise

Request body

{
	"apiAccountCredentials": {
		"email": "tom.parkinson@brightpearl.com",
		"password": "test123"
	}
}

Response

{
	"response": "NGIzOGM4OTgtOWE1Zi00Y2E3LTg0OTEtM2M1YzMyODg0ZWNi"
}