Server:9000/token returns 400 response

I am working to integrate our web ordering system with SambaPOS.

I have installed SambaPOS and message server using a SQL server express database for the SambaPOS database.

I was following the tutorial “Integrator’s GraphQL API Guide” located at Integrator's GraphQL API Guide and was using Postman to send the request “http://192.168.1.16:9000/token” to get a Authorization / access_token.

I get an http 400 Bad Request from the message server.

The form fields in the request are…

grant_type: password
username: Administrator
password: 1234
client_id: graphql
client_secret: test

SambaPOS is set up with these parameters as per the turtoial. The turtoial is using version 5.1.62 and I am using version 5.2.3 and I don’t know if this would make a difference.

The content in the response is

{
“error”: “invalid_clientId”,
“error_description”: “ClientId should be sent.”
}

What am I doing wrong?

The client_id is the Application Identifier. Have you created an Application in SambaPOS? Create an application other than the “graphql” app (it should be used for GraphiQL only)

Are you sure you are using the Password and not the PIN? Only the Password will work, PINs do not.

I tried different values for the client_id / identifier. I am sure I am using the Password and not the PIN

What can I do to trouble shoot this problem?

Did you create the Application?

What is the process to “create the Application”?

In the SambaPOS interface I did the following

Manage->Users->Applications->Add Application
Application Name: testql
Identifier: testql
Authentication Type: User Name & Password
Authorization Type: All Functions in Local Network
Lifetime: 365
Allowed Origin: *
Active: True

I then added Permissions

After I saved, I can see the new application in the application list. What else is required to create an application?

If you create a new Application or a new User, be sure to restart the MessagingServer service.

Make sure you are using your new client_id of “testql” in your App.

At first, for the Application definition, don’t use a Secret, don’t restrict to Local Network, and don’t select Permissions.

I understand the MessagingServer must be restarted after User or Application changes in SambaPOS interface.

I am not sure exactly what you are referring to with the term “App”. Does an App only consist of the form fields that can be edited in SambaPOS Manage->Users->Applications->Add Application

or is there other code I need to write. Maybe some javascript?

That ^ is your “App”.

That ^ is an “App”.

Whatever you are using, Postman for testing, or in your Web Ordering system, you are working with an “App” that is trying to connect to SambaPOS, specifically to the Messaging Server.

Postman is good to test with, for your Authorization Login. After you get that working, yes you will need to write some Javascript into your Web system to get Authorized, and subsequently run GQL queries and mutations.

I think I understand. My “App” will be a windows service running on our web server. How do I get the Server:9000/token request to return an access token so I can access the graphql api?

Take a look at the sample apps see how they did it.

I have followed the examples but all i get is a 400 response from the http://192.168.1.16:9000/token post or get from my app

{
“error”: “invalid_clientId”,
“error_description”: “ClientId should be sent.”
}

So show your code so we can see.

Here is how the Gloria food app handles it. Ignore most of the parameters but look at the authorize portion.

}
script.js

var express = require('express');
var request = require('request');
var querystring = require('querystring');
var app = express();

var messageServer = 'localhost';
var messageServerPort = 9000;
var gloriaFoodKey = 'KEY_HERE';
var serverKey = 'KEY_HERE';
var timeout = 30000;
var customerEntityType = 'Customers';
var itemTagName = 'Gloria Name';
var ticketType = 'Delivery Ticket';
var departmentName = 'Restaurant';
var userName = 'Administrator';
var terminalName = 'Server';
var printJobName = 'Print Orders to Kitchen Printer';
var additionalPrintJobs = [];  // array of additional print job names
var miscProductName = 'Misc';
var deliveryFeeCalculation = 'Delivery Service';
var tipCalculation = 'Tip';
var accessToken = undefined;
var accessTokenExpires = '';

function Authorize(callback) {
    accessToken = undefined;
    var form = { grant_type: 'client_credentials', client_secret: serverKey, client_id: 'gloria' };
    var formData = querystring.stringify(form);
    var contentLength = formData.length;

    request({
        headers: {
            'Content-Length': contentLength,
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        uri: 'http://' + messageServer + ':' + messageServerPort + '/Token',
        body: formData,
        method: 'POST'
    }, function (err, res, body) {
        if (err) {
            console.log('Error while trying to authorize >', err.message);
            if (callback) callback();
        }
        else if (res.statusCode === 400) {
            console.log(body);
            if (callback) callback();
        }
        else {
            var result = JSON.parse(body);
            accessToken = result.access_token;
            accessTokenExpires = new Date(result['.expires']);
            if (callback) callback();
        }
    });
}

Is it possible to get an access token from a postman request?

Isn’t an access token / Authorization key required to gain access to the GQL endpoints?

I figured it out. I was not urlencoding the request form data…Thanks for your help

I get the same error, can the parameter name be wrong?

I have found the problem and you need to do the content type in as follows when post processing on the post man.