Tower Contracting
Development Environment
Getting Started
The Corecon Open API exposes certain features such as Companies, Contacts, Projects, Project Financials, Labor Timecards, Equipment Timecards and Misc. Expenses. Some features allow Read access, whereas features such as Labor Timecards, Equipment Timecards, and Misc. Expenses allow Read / Add access at the moment.
The API is built on REST principles, which ensure predictable URLs that make writing applications easy. It follows HTTP rules, so a wide range of HTTP clients can be used to interact with it. Every resource is exposed as a URL. The URL of each resource can be obtained by accessing the API Root Endpoint. To use our API you must satisfy these prerequisites.
Developer Account Setup
First, set up a developer account from Corecon's Setting module. The API can be for internal or external use.
When using for Internal use - no approval is required from Corecon.
When using to create an External application - approval is required. On approval, a Sandbox database creation is initiated. By default the Sandbox is valid for 1 month. Any extensions for the Sandbox may be granted by Corecon.
Depending on the selection above, the user will be notified when the account and database are ready. After that, the user can create applications and Integration / Secret Keys.
The following fields are available when creating Apps and Integration Keys.
- Application Name
- Authentication type
- Allowed feature(s)
- Secret Key(s)
- Scope(s)
- Redirect URI(s)
- State
- Refresh Token LifeTime (in mins)
- Allowed Origins
Going Live - Enabling Production Access (for external applications)
- Use one of the sample applications provided in the portal to get started and create your application.
- Test the application thoroughly and make sure OAuth2 authentication is handled.
- Make some API calls.
- Submit the app for review by emailing Admin.
- Admin will set up a time to review and demo your application.
- Once the app is approved, you can use it to connect to production accounts.
OAuth Setup
Corecon API supports 3 methods for authentication using OAuth2, all of which are detailed below.
Authorization Code authentication:
To obtain an access token with Authorization Code Grant, you must meet the following prerequisites:
Integration Key : An integration key identifies your integration and links to its configuration values
Secret Key : A secret key is a value that is stored securely in your web server and only shared with your web server and the Corecon platform
Redirect URI : The redirect URI is the URI (URL) to which Corecon will redirect the browser after authentication.
Resource Owner Username / Password authentication
Integration Key : An integration key identifies your integration and links to its configuration values
Secret Key : A secret key is a value that is stored securely in your web server and only shared with your web server and the Corecon platform
User Name : Client's User Name of Corecon account.
Password : Corecon account password.
Client Credential authentication
Integration Key : An integration key identifies your integration and links to its configuration values
Secret Key : A secret key is a value that is stored securely in your web server and only shared with your web server and the Corecon platform
Redirect URI : URI to send the token to
Sample OAuth Authentication
Corecon APIs use the Authorization Code, Client Credentials and Resource Owner Username / Password authentication types to authorize and authenticate calls. Follow the steps listed here to access Corecon's APIs.
Step 1: Registering New Client
First register your application with Corecon's Developer console in order to get your Client ID and Client Secret.
To register your application, go to Enable developer mode and click on Add Client ID. Provide the required details to register your application. On successful registration, you will be provided with a set of OAuth 2.0 credentials such as a Client ID and Client Secret that are known to both Corecon and your application. Do not share these credentials anywhere.
Step 2: Generate Access and Refresh Token
By using a particular authentication type, described in the authentication types section, you will get an access token and a refresh token.
The access_token will expire after 60 minutes.
The refresh_token is used to generate a new access_token once the current access token has expired.
Step 3: Generate Access Token From Refresh Token
Access tokens have limited validity. Until it expires, the access token has unlimited usage. Once it expires, your app will have to use the refresh token to request a new access token.
Step 4: Calling Corecon API
The access token can be passed only in a header and cannot be passed in a request parameter.
The header name should be Authorization.
The header value should be the Corecon access token in the given format: {bearer access_token}
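The refresh-and-retry cycle from Steps 2 to 4, as an added example that is not Corecon's own code. `refresh_fn` and `send` are hypothetical callables standing in for the token endpoint and the HTTP client, the URL is a placeholder, and treating status 479 as the refresh trigger is an assumption based on the status table on this page.

```python
import time

ACCESS_TOKEN_TTL = 60 * 60               # page: access_token expires after 60 minutes
TOKEN_EXPIRED, TOKEN_INVALID = 479, 480  # Corecon status codes from the table on this page

class TokenSession:
    """Keeps the access token fresh and replays a call once after a refresh."""
    def __init__(self, access_token, refresh_token, refresh_fn, clock=time.monotonic):
        self._access, self._refresh = access_token, refresh_token
        self._refresh_fn = refresh_fn    # hypothetical: posts the refresh token server-side
        self._clock, self._issued = clock, clock()

    def headers(self):
        return {"Authorization": f"bearer {self._access}"}  # header only, never a URL parameter

    def _renew(self):
        self._access = self._refresh_fn(self._refresh)
        self._issued = self._clock()

    def call(self, send, url):
        """send(url, headers) -> (status, body) is a hypothetical HTTP transport."""
        if self._clock() - self._issued >= ACCESS_TOKEN_TTL - 60:  # renew a minute early
            self._renew()
        status, body = send(url, self.headers())
        if status == TOKEN_EXPIRED:      # server-side expiry wins over the local clock
            self._renew()
            status, body = send(url, self.headers())
        if status in (TOKEN_EXPIRED, TOKEN_INVALID):
            raise PermissionError(f"token rejected ({status}); re-authenticate")
        return status, body

def demo():
    """Constructed offline run: a fake server that accepts only the token 'at-2'."""
    now, minted = [0.0], []
    def refresh_fn(refresh_token):
        minted.append(refresh_token)
        return f"at-{len(minted) + 1}"
    def send(url, headers):
        ok = headers["Authorization"] == "bearer at-2"
        return (200, "projects") if ok else (TOKEN_EXPIRED, "")
    session = TokenSession("at-1", "rt-1", refresh_fn, clock=lambda: now[0])
    url = "https://api.example.invalid/projects"   # placeholder, not a Corecon URL
    first = session.call(send, url)      # 479 on at-1, refresh, then 200 on at-2
    now[0] = ACCESS_TOKEN_TTL            # an hour later the local clock forces a refresh
    try:
        session.call(send, url)          # at-3 and at-4 are both refused
    except PermissionError:
        return first, len(minted), True
    return first, len(minted), False
```

The single retry is deliberate: a second 479 after a fresh token points at a revoked refresh token or a disabled key, and looping would only hammer the token endpoint.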
Errors and Error Codes
Corecon uses HTTP status codes to indicate success or failure of an API call. In general, status codes in the 2xx range mean success, those in the 4xx range mean there was an error in the provided information, and those in the 5xx range indicate server-side errors. Commonly used HTTP status codes are listed below.
Status Code | Descriptions |
---|---|
100 | Continue. |
101 | Switching Protocols. |
102 | Processing. |
200 | Success, The request was successfully completed. |
201 | Created |
202 | Accepted |
203 | Non Authoritative Information |
204 | No Content |
205 | Reset Content |
206 | Partial Content |
207 | Multi Status |
208 | Already Reported |
226 | IM Used |
250 | Low on Storage Space |
300 | Multiple Choices |
301 | Moved Permanently |
302 | Found |
303 | See Other |
304 | Not Modified |
305 | Use Proxy |
306 | Switch Proxy |
307 | Temporary Redirect |
308 | Permanent Redirect |
400 | Bad Request |
401 | Unauthorized |
402 | Payment Required |
403 | Forbidden |
404 | Not Found |
405 | Method Not Allowed |
406 | Not Acceptable |
407 | Proxy Authentication Required |
408 | Request Timeout |
409 | Conflict |
410 | Gone |
411 | Length Required |
412 | Precondition Failed |
413 | Request Entity Too Large |
414 | Request URI Too Long |
415 | Unsupported Media Type |
416 | Requested Range Not Satisfiable |
417 | Expectation Failed |
418 | I'm a teapot |
420 | Enhance Your Calm |
422 | Unprocessable Entity |
423 | Locked |
424 | Failed Dependency |
425 | Unordered Collection |
426 | Upgrade Required |
428 | Precondition Required |
429 | Too Many Requests |
431 | Request Header Fields Too Large |
444 | No Response |
449 | Retry With |
450 | Blocked by Windows Parental Controls |
451 | Parameter Not Understood |
452 | Conference Not Found |
453 | Not Enough Bandwidth |
454 | Session Not Found |
455 | Method Not Valid in This State |
456 | Header Field Not Valid for Resource |
457 | Invalid Range |
458 | Parameter Is Read-Only |
459 | Aggregate Operation Not Allowed |
460 | Only Aggregate Operation Allowed |
461 | Unsupported Transport |
462 | Destination Unreachable |
465 | Invalid Client ID |
466 | Invalid Client Secret |
467 | Client Key Inactive |
468 | Account Inactive |
469 | Code Expire |
470 | Invalid Request Code Mismatch |
471 | Secret Key Redirect Uri State Client ID Invalid |
472 | Invalid Grant Type |
473 | Invalid Credentials |
474 | Client Key Not Registered |
475 | Invalid Username Password |
476 | Blank Username Password |
477 | Account Expired |
478 | Client Not Valid |
479 | Token Expired |
480 | Token Invalid |
481 | Invalid Code |
482 | Internal Error |
483 | Database NULL |
484 | Developer Database is Not Created |
485 | Developer Database Expired |
486 | Production Database is Not Created |
487 | Production Database Expired |
488 | Request Uri Not Valid |
489 | Invalid Scope |
494 | Request Header Too Large |
495 | Cert Error |
496 | No Cert |
497 | HTTP to HTTPS |
499 | Client Closed Request |
500 | Internal Server Error |
501 | Not Implemented |
502 | Bad Gateway |
503 | Service Unavailable |
504 | Gateway Timeout |
505 | HTTP Version Not Supported |
506 | Variant Also Negotiates |
507 | Insufficient Storage |
508 | Loop Detected |
509 | Bandwidth Limit Exceeded |
510 | Not Extended |
511 | Network Authentication Required |
551 | Option Not Supported |
598 | Network Read Timeout Error |
599 | Network Connect Timeout Error |