Developer Guide
To utilize the Order Management System (OMS) API effectively, you must first authenticate your application by obtaining an access token. This token serves as a key to verify that each request is authorized and secure. Below are the essential steps and guidelines to interact with the API:
Base URL
All OMS API requests should be sent to the following base URL:
https://omscoreapi.betterland.co.th
Obtaining an Access Token
Every API request requires an access token, which is valid for 30 days from the time it is issued. The token must be obtained by making a POST request to the /Token endpoint.
Authentication Endpoint
POST /Token
Headers
- CompanyID: Your company ID
- Content-Type: application/x-www-form-urlencoded
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be "password" |
| username | string | Yes | Your OMS username |
| password | string | Yes | Your OMS password |
| companyid | string | Yes | Your company ID |
Example Request
POST https://omscoreapi.betterland.co.th/Token
Content-Type: application/x-www-form-urlencoded
CompanyID: 12345

grant_type=password&username=johndoe&password=secureP@ssw0rd&companyid=12345
Example Response
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 2591999,
  ".issued": "Tue, 14 Jan 2025 03:28:05 GMT",
  ".expires": "Thu, 13 Feb 2025 03:28:05 GMT"
}
Using the Access Token
Once you have obtained the access token, include it in the Authorization header for every subsequent API request as a Bearer Token:
Authorization: Bearer <your_access_token>
API Reference Documentation
For information about specific endpoints, refer to the API documentation. Each endpoint description includes:
- Endpoint Paths: Specific paths appended to the base URL.
- HTTP Methods: Supported methods such as GET, POST, PUT, DELETE.
- Request Parameters: Headers and body details for each request.
- Response Structure: The expected JSON response and error codes.
Best Practices for Token Usage
- Secure Storage: Store your access token securely and never expose it in client-side code.
- Token Expiry Management: Monitor the expires_in field and request a new token when the current one is close to expiring.
- Error Handling: Implement robust error handling for cases where tokens are invalid, expired, or unauthorized.
API KEY
Data transmission to each endpoint requires a system-verified key, which is passed in the request header as the "APIKEY" parameter.
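The practices under "Best Practices for Token Usage" and the "APIKEY" header, as an added example that is not part of the original guide or any OMS client library: a Python helper that keeps the token in memory only, renews it before expires_in runs out, and can be invalidated after a 401 response. The class and function names, the one-day renewal margin, and sending APIKEY together with the bearer token on data requests are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

BASE_URL = "https://omscoreapi.betterland.co.th"  # base URL from this guide


def post_form(url, headers, fields):
    """Default transport: POST form-encoded fields over HTTPS, return parsed JSON."""
    body = urllib.parse.urlencode(fields).encode()  # percent-encodes '@', '&', etc.
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class TokenManager:
    """Caches the bearer token in memory and renews it before expires_in elapses."""

    def __init__(self, company_id, username, password, api_key,
                 post=post_form, clock=time.monotonic, margin=86400):
        self._creds = (company_id, username, password)
        self._api_key = api_key
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._renew_at = None, 0.0

    def _fetch(self):
        company_id, username, password = self._creds
        reply = self._post(
            BASE_URL + "/Token",
            {"CompanyID": company_id,
             "Content-Type": "application/x-www-form-urlencoded"},
            {"grant_type": "password", "username": username,
             "password": password, "companyid": company_id})
        if "access_token" not in reply or "expires_in" not in reply:
            # Do not echo the reply: it may contain sensitive fields.
            raise RuntimeError("token response is missing access_token/expires_in")
        self._token = reply["access_token"]
        # Renew `margin` seconds early so a request never carries a stale token.
        self._renew_at = self._clock() + max(0, int(reply["expires_in"]) - self._margin)

    def invalidate(self):
        """Call after a 401 so the next request fetches a fresh token."""
        self._token = None

    def headers(self):
        """Headers for a data request (assumption: APIKEY accompanies the token)."""
        if self._token is None or self._clock() >= self._renew_at:
            self._fetch()
        return {"Authorization": "Bearer " + self._token, "APIKEY": self._api_key}
```

Load the username, password and API key from the environment or a secret store when constructing TokenManager rather than writing them into source, and keep the returned headers out of logs.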