Procure-to-Pay
Resource-oriented URLs, form-encoded request bodies, JSON-encoded responses, standard HTTP response codes, and a mix of standard and extended action verbs. Four separate modules cover purchasing, invoicing, inventory, and recipes.
# Sign in to obtain Access-token, Client and Uid curl -D - "https://api.purchaseplus.com/access/api/auth/sign_in" \ -H "Accept: application/vnd.mbapi.v2+json" \ -d "email=you@yourbusiness.com&password=yourpassword" # Subsequent request curl "https://api.purchaseplus.com/purchasing/api/purchaser/:id/invoices" \ -H "Accept: application/vnd.mbapi.v2+json" \ -H "Access-token: XxhhFMpq-RQxBJb_LhuCNO" \ -H "Client: 4eWvqjwfS8KFaNG89dD4Tj" \ -H "Uid: you@yourorganisation.com"
The API is broken into 4 separate modules representing functional areas within PurchasePlus. Each module has its own SwaggerHub reference documentation. Your application may need some or all, depending on your requirements.
Purchase orders, approvals, receiving notes, and supplier interactions.
Open SwaggerHub ReferenceInvoices, AP automation, 3-way matching, approvals, and accounting exports.
Open SwaggerHub ReferenceStock levels, stocktakes, transfers, and variance tracking.
Open SwaggerHub ReferenceRecipes, menus, costing, ingredient mapping, and yields.
Open SwaggerHub ReferenceSwaggerHub paths above are gradually replacing legacy app.swaggerhub.com references. Treat any remaining app.swaggerhub.com docs as insufficiently maintained.
The PurchasePlus API uses token-based authentication. Make a sign-in request with your account email and password. The response headers contain Access-token, Client, and Uid, which must be passed on every subsequent request.
If the request is successful, the response body contains your user account details. The headers contain the three values you'll need on every later call:
XxhhFMpq-RQxBJb_LhuCNO4eWvqjwfS8KFaNG89dD4Tjyour.name@yourorganisation.comOnce your user is authenticated, the resources you can access and what you can do with them is controlled by the authorisation system. This is currently based on the Personas your user has been assigned, and can only be maintained through the PurchasePlus user interface. To obtain additional authorisation, please speak with an administrator at your Organisation, or contact our customer success team.
The PurchasePlus API uses standard HTTP response codes to indicate whether your request was successful or whether there was an issue.
Request was successfulPossibly missing dataInvalid Access-token, Client, or UidPersona lacks permissionResource does not exist; check the URL or idRequired attributes missingResource may have been updated since you retrieved itLimit is 5 per secondContact support if it persistsFor requests that return multiple records, you may need to make multiple requests to retrieve all results. Pass the page parameter with the page number you wish to request.
Every resource response contains a links attribute with a link to self, plus links to any associated collections.
Responses returning a collection include a links object with first, last, next, and prev page links.
Every resource contains a self-link, and may also expose related resources you can fetch with subsequent calls.
Some calls return related resources alongside the primary data, saving the need for subsequent API calls. For example, retrieving a product's details from an invoice line, or department details with an invoice.
For requests that return multiple records, you can filter results using filter parameters. Example, returning invoices with the string "INV":
Available predicates:
| Predicate | Description | Notes |
|---|---|---|
| *_eq | equal | |
| *_not_eq | not equal | |
| *_matches | matches with LIKE | e.g. q[email_matches]=%@gmail.com |
| *_does_not_match | does not match with LIKE | |
| *_matches_any | matches any | |
| *_matches_all | matches all | |
| *_does_not_match_any | does not match any | |
| *_does_not_match_all | does not match all | |
| *_lt | less than | |
| *_lteq | less than or equal | |
| *_gt | greater than | |
| *_gteq | greater than or equal | |
| *_present | not null and not empty | String columns only. q[name_present]=1 |
| *_blank | is null or empty | col IS NULL OR col = '' |
| *_null | is null | |
| *_not_null | is not null | |
| *_in | match any values in array | q[name_in][]=Alice&q[name_in][]=Bob |
| *_not_in | match none of values in array | |
| *_lt_any | less than any | col < value1 OR col < value2 |
| *_lteq_any | less than or equal to any | |
| *_gt_any | greater than any | |
| *_gteq_any | greater than or equal to any | |
| *_lt_all | less than all | col < value1 AND col < value2 |
| *_lteq_all | less than or equal to all | |
| *_gt_all | greater than all | |
| *_gteq_all | greater than or equal to all | |
| *_not_eq_all | none of values in a set | |
| *_start | starts with | col LIKE 'value%' |
| *_not_start | does not start with | |
| *_start_any | starts with any of | |
| *_start_all | starts with all of | |
| *_not_start_any | does not start with any of | |
| *_not_start_all | does not start with all of | |
| *_end | ends with | col LIKE '%value' |
| *_not_end | does not end with | |
| *_end_any | ends with any of | |
| *_end_all | ends with all of | |
| *_cont | contains value | uses LIKE |
| *_cont_any | contains any of | |
| *_cont_all | contains all of | |
| *_not_cont | does not contain | |
| *_not_cont_any | does not contain any of | |
| *_not_cont_all | does not contain all of | |
| *_true | is true | |
| *_false | is false | |
| *_fuzzy | full text search | |
| *_time_from | after this time | |
| *_time_to | before this time | |
| *_quarter_equals | matches a date in the quarter | Q1, q1 or 1 |
Each request you make to our API is logged and assigned a request id, returned in the PP-Request-Id response header. Use this id when contacting support about a specific request.
The PurchasePlus API is currently on version 2.0. Provide the version on every request via the Accept header. If omitted, the system falls back to the deprecated v1.0 API (v1.0 reference here).
Refer to the Change Notes below for any breaking version changes, new endpoints, or new and deleted fields.
The PurchasePlus API can optionally support idempotency to prevent the same transaction occurring multiple times. Provide the case-sensitive Idempotency-Key header on a request, with a UUID as its value.
If you make a request with the same Idempotency-Key twice, you receive the cached version of the original successful result. Only provide an Idempotency-Key for POST or PATCH requests, never GET or DELETE.
The PurchasePlus API is rate limited to protect all users from load issues. If your application reaches the limit you will see HTTP 429 on requests. The current limit is 5 requests per second per IP address. Contact our team if this is too low for your requirements.
Handle these errors gracefully by monitoring for 429s and implementing a retry mechanism with back-off.
v2.0ongoingLet us help you connect with new and existing suppliers and boost your digital transformation.
Talk to Us
477 Pitt Street,
Haymarket, NSW 2000
Australia
