OAuth 2.0 for Call Outs
1. Configure Coupa
-
Administrators can create, view, and edit Call Outs from Setup > Integrations > Call Outs, but they can only create new endpoints when creating a new Call Out When creating a new Call Out, your integration admin can use an endpoint that was previously defined or use the Create New link to define a new endpoint.
-
OAuth settings are available within endpoint configuration, In the Endpoint Detail section make sure to use HTTP and provide the Host Name, Token URL, Client ID, and Client Secret.
-
Link to detailed documentation: https://success.coupa.com/Support/Releases/26/New_Features/BSM_Platform/Coupa_Platform/Call_Outs_Support_OAuth_2.0
2. Customer system/Middleware configuration
-
Client id and secret need to be configured as an auth string:
auth_string = Base64.urlsafe_encode64("#{client_id}:#{client_secret}")
-
The length of the token should not be a concern (We have tested successfully upto 1258 characters)
-
The response that contains the access token needs to be in the below format:
{ "access_token": "", "token_type": "bearer", "expires_in": 86399 }
-
The response that contains the access token needs to be in the below format:
response = connection.post do |request| request.headers[:content_type] = (content_type || 'application/x-www-form-urlencoded') request.headers[:cache_control] = 'no-cache' request.headers[:Authorization] = "Basic #{auth_string}" request.headers[:accept] = 'application/json' if content_type == 'application/json' request_body = { "grant_type" => "client_credentials" } request_body.merge!(scope: scope) if scope.present? request.body = request_body.to_json else request.body = "grant_type=client_credentials" request.body +="&scope="+scope if scope.present? end
3. Error handling
-
Only failed transactions appear under call out errors section,
<customer_instance>/call_outs/<call out id>
-
Errors and what they mean
{ "statusCode": 401, "message": "Unauthorized. Access token is missing or invalid." }
: Issue with the response that contains the token, verify the format{ "statusCode": 404, "message": "Resource not found" }
: Issue with posting the payload to the external system{HTTP exception occured:Service::Oauth::AuthenticationManager::AuthenticationError}
: Configuration issue within the middleware, unable to access token.
-
If you face no challenges in test/sandbox instances but in production or vice versa, request the customer to regenerate the password.
4. Sample Payload (POSTMAN)
-
Download the Postman payload file.
-
Use the import option in postman to import the collection:
-
Add the URL, username and password: