While Lightspeed integration we encounter a few problems, Here I’m sharing my integration experience with Lightspeed and possible solution. Hope this will help you guys and save a couple of hours.
Problems while integrating Lightspeed API for Order management or reporting.
1. Getting access of Client ID and Secret Key. This is the first step for rest of the series
Sometimes it takes one or two weeks to deliver the keys so my suggestion is to get in contact with the support team
i.e. restaurant.support@lightspeedhq.com
2. How do we get the Code Challenge and Code Verifier pair and how to use these values in which APIs
3. Creation of Authentication Request URL with the provided keys.
4. Where to hit the Generated Authentication URL.
5. Which login details will be used for login so you can allow the API.
6. From where you will get the code which will be used while generating the authToken.
Integrate with the Lightspeed Restaurant platform
Type: L Series
1. Getting Started
Lightspeed Restaurant offers a REST API in order to communicate with the data in the system.
2. Accessing the API
Access to the Lightspeed Restaurant API is limited to Partners and pre-selected developers only.
3. Developing for the API
After receiving approval to access the API, the API Support Team will create a developer account on the Restaurant staging environment. All development and testing must take place on the staging servers.
4. URLs
Staging Base URL: https://test.lightspeedapis.com/resto/
Production Base URL: https://lightspeedapis.com/resto/
5. Authorization
Lightspeed supports the OAuth2 Authorization Code grant flow.
Lightspeed supports OAuth2 for partner integrations to gain access to an account.
6. Getting the client ID and client secret from Lightspeed. Please request Lightspeed to share the client ID and client secret which will be used at every step.
7. Generate Code Challenge and Code Verifier pair which will be used in two different places.
Use the following online tool to generate a code challenge from a code verifier: https://tonyxu-io.github.io/pkce-generator/
8. Authorization Request
Authorization URL (staging): https://test.lightspeedapis.com/resto/oauth2/v1/authorize
Authorization URL (production): https://lightspeedapis.com/resto/oauth2/v1/authorize
At this place, we need code challenge in combination with other query strings.
The Complete URL will look like below:
Method: GET
URL: https://test.lightspeedapis.com/resto/oauth2/v1/authorize
?response_type=code
&client_id=<Consumer Client ID>
&code_challenge=iK6jWzh91fWq3-OD8le8HOgV3CdMqFp5HnxnCEPA4bQ
&code_challenge_method=S256
e.g:
https://test.lightspeedapis.com/resto/oauth2/v1/authorize
?response_type=code
&client_id=dNUipzr6hZSGaf
&code_challenge=iK6jWzh91fWq3-OD8le8HOgVnCEPA4bQ
&code_challenge_method=S256
9. When you hit the above URL in the browser it will redirect you to the login page of Lightspeed.
Enter your admin login details over there, post login it will ask you to allow the current URL.
Click on the Allow button, it will redirect you to your predefined redirect URL.
One thing which is most important from the last URL is to get the Code.
So copy the code and hit the next API which is Token Request API because in 30 seconds the code will be expired.
10. Token Request: This step will be your last step to access the token.
Token URL (staging): https://test.lightspeedapis.com/resto/oauth2/v1/token
Token URL (production): https://lightspeedapis.com/resto/oauth2/v1/token
Once you have a code, you can then send a request to the /token endpoint with the received code and the OAuth client credentials to retrieve an access token and refresh token.
Method: POST
URL: https://test.lightspeedapis.com/resto/oauth2/v1/token
Authorization: Basic <Base 64 encoded Consumer Client ID:Consumer Client Secret>
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
redirect_uri=<Consumer Redirect URI>
code_verifier=<Code Verifier, in plain text>
code=aBcDeFG12
11. Refresh Token
Token URL (staging): https://test.lightspeedapis.com/resto/oauth2/v1/token
Token URL (production): https://lightspeedapis.com/resto/oauth2/v1/token
Once the access token expires, you will need to use the refresh token to get a new access token.
Refresh tokens do not expire and can only be used once
Method: POST
URL: https://test.lightspeedapis.com/resto/oauth2/v1/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <Base 64 encoded Consumer Client ID:Consumer Client Secret>
grant_type=refresh_token
refresh_token=Sy19AqfojTyXqES9sSQQrRzM5GzQuTsX