Determine the use of your application
Different applications require different authorization methods.
a) Your app will use our API to retrieve your own resources, for example to give your customers access to invoices or quotes you have sent to them. Use a dedicated API user account to access our API.
b) Your app is targeted at a broader audience, mainly consisting of q-invoice users, and will use our API to access those users’ data. Use OAuth2 to generate access and refresh tokens.
If you’re not familiar with OAuth, it’s worth familiarizing yourself with the basics and in particular understanding the various workflows that OAuth 2.0 offers. The following two links may help:
Official OAuth Specification: a bit dry but if you want the “facts” they’re there.
OAuth2 Simplified: a nicely summarized overview of how to think through the key aspects of OAuth 2.0
OAuth 2 demo – designed to demo the workflow between OAuth2.0 Clients and Servers.
Pest – Pest is a PHP client library for RESTful web services.