Refer to Onboarding Documentation for step by step guidance.
Procure To Pay API Onboarding
This document describes the steps for onboarding to Procure to Pay API’s. There are three steps that need to be completed for onboarding, and details for each step are provided later in the document.
Step 1: Sign In
Step 2: Subscribe to a Product
Step 3: API Authentication
Step 1: Sign In
The Procure to Pay API Management Portal requires all users to sign in using AAD credentials.
Your company account should be registered with Azure Active Directory (AAD). To use this option, you will require prior admin consent for your company’s tenant in AAD.
To sign in using your active directory registered company account, click on the Azure Active Directory link on the sign in page and follow the instructions.
You need to be signed into the portal before proceeding to Step 2.
Step 2: Subscribe to a Product
All Procure the Pay APIs are arranged by product. To view any API through this portal, you must first subscribe to the appropriate product under which that API resides.
To subscribe to a product, navigate to the Products link. Click the Product for more details.
On the Product details page, Fill in the Subscription Name and click the Subscribe button. This will notify the product owner regarding your subscription request.
You will be notified by email once your subscription request is approved. Incase of any delay with approval, please reach out to your Microsoft contact via email.
You need an approved subscription before proceeding to Step 3.
Step 3: API Authentication
Calls made to our APIs need to pass a subscription key in their header. Subscription keys are generated after completing Step 2. Instructions on key generation and management can be found in the approval email sent to you once your subscription request is approved.
Our APIs also require additional authentication. We currently provide two different authentication mechanisms for our APIs.
Option 1: [Recommended] Azure Active Directory OAuth 2.0 Authentication
Please refer to this document for samples on using OAuth 2.0 Authentication: Azure Active Directory code samples (v1.0 endpoint)
Option 2: Certificate Based Authentication
To use this option, you will need to provide a certificate to Microsoft. Please reach out to your Microsoft contact if using this option.
Refer to the below code sample to make calls using a subscription key and Certificate Authentication.
C# code sample that shows how to call our APIs using a subscription key and certificate:
HttpClientHandler handler = new HttpClientHandler();
X509Certificate certificate = FindCertificateByThumbprint("<<Certificate Thumbprint>>");
handler.ClientCertificates.Add(certificate);
using (var client = new HttpClient(handler))
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "<<Subscription Key>>");
var result = await client.GetAsync("<<API URL>>");
}
C# Code sample that shows how to find a certificate:
/// <summary>
/// FindCertificateByThumbprint to retrive certificate value.
/// </summary>
/// <param name="findValue"></param>
/// <returns>return X509Certificate2 value</returns>
public static X509Certificate2 FindCertificateByThumbprint(string findValue)
{
X509Store store = new X509Store(StoreName.My, string.Compare(StoreLocationCertMode, "currentuser", true) > -1 ? StoreLocation.CurrentUser :
StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadOnly);
// Don't validate certs,since the test root isn't installed.
X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindByThumbprint, findValue, false);
if (col == null || col.Count == 0)
return null;
return col[0];
}
finally
{
store.Close();
}
}ua.