Loading...
Wisenet

      API FAQs

      What is the difference between the OAuth API and the API Key based API?

      All endpoints in the old API are the same and available in the OAuth API. There are however new endpoints available in the OAuth API.

      The main difference is in the authentication used for the API calls.

      What is involved to migrate to the new OAuth?

      Once an Integration App is provision you are able to implement the new OAuth process and connect this to your existing API integration.

      1. Register Your App: See How to get started with OAuth API (above)
      2. Implement OAuth: Follow the OAuth Authentication Flow in the Developer Documentation.
      3. Update Your App: Replace API key logic with token-based requests.

      What happens to existing API key integrations?

      API key support will be deprecated by early 2026. Existing integrations will continue to function until then but must migrate to OAuth before deprecation.

      How do I know which scopes to assign?

      Refer to the Scope Reference Guide for a breakdown of permissions for each scope.

      How long does a token last?

      Each token has an expires_at property which allows you to determine the length. You can then refresh the token programatically as required. See the oAuth documentation for how to obtain an access token or a refresh token.

      I need help on how to complete the OAuth process and test the Wisenet API. Do you have example code or a step-by-step guide?

      Yes. Please see the ready-to-use Postman collection and a full walkthrough of the OAuth process (including how to obtain and use access tokens).

      How to Authorise and Test the Wisenet API Using Postman

      What should I put in state, code_challenge, code_challenge_verifier parameters?

      The API OAuth docs reference external resources that outline information regarding PKCE RFC.

      If you need a working example then we recommend using AI to provide more details and generate appropriate values.

      How can I handle OAuth redirect URIs when each of my customers has a different domain?

      Use a single, stable redirect like https://auth.yourcompany.com/callback for every tenant. After you complete the OIDC code exchange on that domain, you perform a second, server-side redirect to the customer’s own URL.
      How to implement safely:

      1. Begin login from https://tenantA.yourapp.com and include a signed state carrying the tenant identifier and intended post-login URL (eg /{tenant}/dashboard).

      2. Whitelist only https://auth.yourcompany.com/callback with your IdP.

      3. At the callback:

        • Verify state and nonce; exchange the code for tokens.

        • Look up the tenant in your DB, fetch an allow-listed post-login domain for that tenant (eg https://tenantA.yourapp.com).

        • Build the final URL from the allow-listed base + a validated relative path from state, then 302 the user there.

      Why this is good:

      • Keeps the IdP’s whitelist tiny and stable.

      • Avoids wildcard redirect URIs.

      • Mirrors guidance from platform docs — if you have “too many redirect URIs,” carry tenant info in state and final-redirect yourself.

      What timezone does the Wisenet API use for timestamps?

      By default, the Wisenet API returns date and time values in AEST.

      If the OutputDateFormat header is not supplied, the API uses ExcludeTimezone, which returns AEST timestamps without a timezone indicator.

      What is the OutputDateFormat header used for?

      The OutputDateFormat header controls whether timezone information is included in API responses.

      • ExcludeTimezone (default):

        • Returns timestamps in AEST with no timezone suffix.

      • IncludeTimezone:

        • Returns timestamps with timezone information included.

      What timezone should I use when filtering by lastModifiedTimeStamp?

      All query string filters using lastModifiedTimeStamp must be provided in AEST.

      At this time, the API only supports AEST for timestamp filtering. Timezone-aware values such as UTC (Z) are not supported in filters and may produce unexpected results.

      Why does the timestamp in the Wisenet web application look different to the API?

      The Wisenet website displays timestamps based on the user’s local PC or browser locale, while the API uses AEST by default.

      This can result in visible differences between the website and API data when users are in different timezones.

      How can I obtain the number of records for an API query?

      Each API response includes the X-Total-Count response header. This header contains the total number of records returned by the query.

      If filter parameters are applied, X-Total-Count reflects the number of records that match those filters, not the total number of records in the system.

      You can use the X-Total-Count value to calculate pagination, such as determining the total number of pages or whether additional requests are required to retrieve all results.