Nxsys API Documentation

Overview

The Nxsys API uses OAuth 2.0 as its authentication mechanism.

Why OAuth 2.0?

OAuth 2.0 is a widely adopted authorization framework that enables third-party applications to gain limited access to user accounts on an HTTP service—without requiring the user to share their credentials.
It works by:
  • Delegating user authentication to the service hosting the account
  • Authorizing third-party applications to access specific user data securely

OAuth 2.0 Authorization Flows

There are four primary OAuth 2.0 flows, depending on the use case (e.g., web apps, mobile apps, machine-to-machine):

Typical Steps in the Flow:

  1. Register a client application
  2. Obtain a Client ID and Client Secret
  3. Redirect the user to obtain an authorization code
  4. Exchange the authorization code for an access token
  5. Refresh the access token when it expires

What You Need to Prepare

To integrate with the Nxsys API via OAuth 2.0, you’ll need to prepare the following:

Redirect URL (Callback URL)

The redirect URL is a key component of the OAuth flow. It’s the endpoint in your application where users are redirected after they authenticate with Nxsys.
To configure this properly:
  • Use a secure (HTTPS) URL within your application
  • Ensure the endpoint is capable of handling the OAuth response (e.g., parsing the authorization code)
  • Register this URL with Nxsys when setting up your client application

Example:
https://{{your domain}}/oauth/callback

📌 Important: Always use HTTPS for your redirect URL to ensure secure communication and protect against interception attacks.
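One way a callback endpoint can handle the OAuth response described above, shown as an added example that is not Nxsys code. It assumes the response carries the standard RFC 6749 query parameters (`code`, `state`, `error`), which this page does not list; the host `app.example.com` and the helper names are hypothetical.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Constructed sample value: the redirect URL registered with Nxsys.
REGISTERED_REDIRECT = "https://app.example.com/oauth/callback"


class CallbackError(Exception):
    """Raised when an OAuth callback request must be rejected."""


def parse_callback(received_url, expected_state, registered=REGISTERED_REDIRECT):
    """Return the authorization code from a callback URL or raise CallbackError."""
    got, reg = urlsplit(received_url), urlsplit(registered)

    # The redirect URL must be HTTPS; a plain-HTTP hit exposes the code in transit.
    if got.scheme != "https":
        raise CallbackError("callback must arrive over HTTPS")
    # Accept only the exact host and path that were registered.
    if (got.netloc.lower(), got.path) != (reg.netloc.lower(), reg.path):
        raise CallbackError("callback does not match the registered redirect URL")

    params = parse_qs(got.query)

    def single(name):
        # A repeated parameter is ambiguous, so reject it instead of picking one.
        values = params.get(name, [])
        if len(values) > 1:
            raise CallbackError(f"duplicate parameter: {name}")
        return values[0] if values else None

    # Assumption: the client sent a random `state` value and Nxsys echoes it back,
    # as RFC 6749 specifies. Compare in constant time before trusting anything else.
    state = single("state")
    if state is None or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state mismatch")

    # The user may have denied access; RFC 6749 reports that via `error`.
    error = single("error")
    if error:
        raise CallbackError(f"authorization failed: {error}")

    code = single("code")
    if not code:
        raise CallbackError("no authorization code in callback")
    return code
```

In a web framework the same checks apply to the incoming request object; the full URL is used here so the function runs on its own.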