Striven REST API exposes different entities in Striven like Customers/Vendors, Orders, Projects, Tasks, Invoices, Bills and many more. In order to be able to use the API, the first step is to enable the API within Striven and obtain API Keys. All Striven API endpoints require OAuth access token which will be used authorize the request. Following steps will help you to successfully execute your first API request.
To use the Striven REST API, you'll need an API key, which consists of an OAuth 2 client ID and client secret. You can get these keys from API settings page in Striven. Initially API access is not enabled and you have to enable it by clicking Enable API Access button.
This will then generate ClientID and ClientSecret which you will use to get an access token. The access token obtained will be used to authorize your API request.
The Client ID and Client Secret obtained from API settings page should be used to obtain an access token that will be used to authorize all API request. A C# sample code below shows how to
obtain an access token by posting the client id and client secret to API accesstoken
private void InitializeToken()
{
//ClientID and ClientSecrect must be obtained from API Settings page in Striven
//These keys are used to request a accesstoken which will be used to make authorized api calls. Storing these information safely is highly recommended
string ClientID = "YOUR_CLIENT_ID";
string ClientSecret = "YOUR_CLIENT_SECRET";
HttpClient client = new HttpClient();
//add an accept header for JSON format
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
//Create authorization header for client authentication
string authorizationHeader = Convert.ToBase64String(Encoding.UTF8.GetBytes(ClientID + ":" + ClientSecret));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authorizationHeader);
//Use client_credentials granttype with ClientID to get the accesstoken
Dictionary<string, string> grantClientCredential = new Dictionary<string, string>();
grantClientCredential.Add("grant_type", "client_credentials");
grantClientCredential.Add("ClientId", ClientID);
// Requesting token
HttpResponseMessage tokenResponse = client.PostAsync($"https://api.striven.com/accesstoken", new FormUrlEncodedContent(grantClientCredential)).Result;
if (tokenResponse.IsSuccessStatusCode)
{
//The response contains following information
//access_token
//refresh_token
//expires_in
//IMPORTANT!!! access_token is valid for the duration indicated by expires_in(in seconds).
//refresh_token can be used to refresh access token before it expires
dynamic tokenResposeDe = JsonConvert.DeserializeObject(tokenResponse.Content.ReadAsStringAsync().Result);
//this accesstoken should be stored somewhere global so that it can be used to make api calls until it expires.
accessToken = tokenResposeDe.access_token;
refreshToken = tokenResposeDe.refresh_token;
}
else
{
// error will be returned by tokenResponse.Content.ReadAsStringAsync().Result
}
}
The HTTP response to the accesstoken
API will return access_token
, expires_in
and refresh_token
properties.
The access_token
issued is valid for duration indicated by expires_in
, after which an attempt to use the token will result in 401 Unathorized response.
The Striven API access token expires in 24 hrs after they are issued. We should not request a new token for every API call we make. Access token should be reused. Making two API calls for every one operation is inefficient. It is a highly recommended practice that we build a mechanism to store and reuse the access token until it is valid.
Access Tokens can be refreshed using a refresh token before it expires.
Instead of posting the Client ID and Client Secrect, access token can be refreshed by posting the refresh token to the accesstoken
API.
A C# code sample below shows example of how to use refresh token to obtain new access token.
private void RefreshAccessToken()
{
//ClientID and ClientSecrect must be obtained from API Settings page in Striven
string ClientID = "YOUR_CLIENT_ID";
string ClientSecret = "YOUR_CLIENT_SECRET";
HttpClient client = new HttpClient();
//add an accept header for JSON format
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
//'Create authorization header for client authentication
string authorizationHeader = Convert.ToBase64String(Encoding.UTF8.GetBytes(ClientID + ":" + ClientSecret));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authorizationHeader);
//Use client_credentials granttype with ClientID to get the accesstoken
Dictionary<string, string> grantClientCredential = new Dictionary<string, string>();
grantClientCredential.Add("grant_type", "refresh_token");
grantClientCredential.Add("refresh_token", refreshToken);
// Requesting token
HttpResponseMessage newtokenResponse = client.PostAsync("https://api.striven.com/accesstoken", new FormUrlEncodedContent(grantClientCredential)).Result;
if (newtokenResponse.IsSuccessStatusCode)
{
dynamic tokenResposeDe = JsonConvert.DeserializeObject(newtokenResponse.Content.ReadAsStringAsync().Result);
//update the tokens
accessToken = tokenResposeDe.access_token;
refreshToken = tokenResposeDe.refresh_token;
}
}
Every request to an API needs to pass access token using the Authorization
field with the Bearer
authorization scheme in the HTTP request header.
Sample request below shows HTTP POST request being made to search
API for Tasks. Notice that the request contains Authorization header with Bearer scheme.
POST https://api.striven.com/v1/Tasks/Search HTTP/1.1 Authorization: Bearer wSJcyugfcYvRDzuPsk2YAe7yntkIbJbckWLQsf3e4jwvb Content-Type: application/json {"AccountID":"1","PageIndex":"0","PageSize":"10","SortExpression":"TaskName","SortOrder":"2"}A C# code sample below shows an example of how to make API request to
search
API for tasks
private string SearchTasks()
{
//build search params for task
//refer to https://api.striven.com/Help/Api/POST-v1-Tasks-Search request body for sample
dynamic searchParam = new ExpandoObject();
searchParam.PageIndex = 0;
searchParam.PageSize = 10;
searchParam.SortExpression = "TaskName";
searchParam.AccountID = 1;
string sp = JsonConvert.SerializeObject(searchParam);
HttpContent tasksearchParams = new StringContent(sp);
//We need to define the content type of http header to be content-type: application/json
tasksearchParams.Headers.ContentType = (new System.Net.Http.Headers.MediaTypeHeaderValue("application/json"));
HttpResponseMessage response = GetHttpClient().PostAsync(String.Format("v1/tasks/search"), tasksearchParams).Result;
if (response.IsSuccessStatusCode)
{
var o = JsonConvert.DeserializeObject(response.Content.ReadAsStringAsync().Result);
//We can convert this object to IEnumerable and use as datasource
//in this sample we are just returning the JSON response
return o.ToString();
}
else
{
return response.Content.ReadAsStringAsync().Result;
}
}
/// <summary>
/// Creates an HttpClient with authorization header using bearer scheme
/// this client can be used to make all api calls
/// <summary>
/// <returns></returns>
private HttpClient GetHttpClient()
{
HttpClient client = new HttpClient();
client.BaseAddress = new Uri("https://api.striven.com");
//add an accept header for JSON format
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
return client;
}