The integrator partner key is a sensitive piece of information and must be treated as such. The integrator is responsible for the use of his key. Ensure it is kept secure and not accessible via reverse engineering or any other method at any time.
The authentication relies on several parts:
Use the Login function to authenticate a user. The Entity identifier, Provider authentication key and the authentication key must be provided to this function. If the authentication is granted, a session token is returned. This session token is valid for 20 minutes and will be requested by every function belonging to the API of this web service.
The authorisation is the authorisation in place in the AccountsIQ system: the user only has the rights to perform operations he/she can perform from the front-end.
The AccountsIQ system evolves constantly and so does its exposed web services interface. To avoid incompatibilities with our integrator partner applications, we provide a list of versioned web services. When an update is made to the AccountsIQ system that mandates a change in the API, we provide a new web service with the next version number while keeping the previous API of the previous web service in a working state. The previous web service version is maintained for a duration of 3 months.
When a new version of the web services is made available, a mail is sent to all integrator partners requiring them to update their application within 3 months. After three months, the previous web services version is retired.
A staging environment is available for integration testing, update and development. Please ask development@accountsIQ.com for a demonstration database or a copy of one of your live database with an integration account for testing.
For clarification on any aspect of this API, please send an email to development@accountsIQ.com.