Welcome to the ProcurementFlow API documentation and reference page!
To generate a live API key:

• Log in to your ProcurementFlow account
• Go to Company Details and scroll all the way down to buttom of the page

• Select Add new API key

‍

Secure Handling of API Keys

API keys are sensitive credentials that grant access for your application. It is crucial to follow best practices to ensure their security. This documentation outlines the recommended approach for securely handling API keys in your application.

Server-Side Usage: API keys should only be included on your server and should never be exposed in client-side code. Avoid embedding API keys directly into your backend code, even if it's private. Instead use environment variables or some other mechanism, to ensure separation of credentials from the source code.

Limit Access: Restrict API key access to the minimum number of people necessary. Grant access only to authorized individuals who require API key usage for specific tasks or responsibilities.

Treat Keys Like Passwords: API keys should be treated as sensitive information and handled with the same level of care as passwords. Enforce the importance of maintaining the confidentiality of API keys and provide clear guidelines on their usage and protection. Avoid sharing API keys

Key Rotation: Implement regular key rotation as a recommended best practice. Periodically review and update your API keys to mitigate the potential impact of compromised keys or unauthorized access. Generate new keys, update them in the appropriate storage mechanism (such as environment variables), and delete the old keys.

Remember, the security of your API keys directly impacts the overall security posture of your application. By adhering to these best practices, you can minimize the risk of unauthorized access and potential vulnerabilities.

‍

GET API endpoints

Use x-api-key header for key when making the request.

ProcurementFlow GET API has two endpoints

E-sourcing api endpoint

• PR and PO api endpoint: https://go.procurementflow.com/api/export/all/{organisation_id}
• E-sourcing api endpoint: https://go.procurementflow.com/api/export/all/esourcing/{organisation_id}

‍

Filtering PR and PO api endpoint

The ProcurementFlow API allows you to filter records by passing along query parameters. Below are some of the filters currently allowed by default to all endpoints within the provided collections

• ?itemName -text
• ?project - text
• ?costCenter - text
• ?prStatus - DRAFT / APPROVED / DECLINED / READY /IN_PROGRESS / APPROVAL_ WORKFLOW_ DRAFT
• ?purchaseRequestCreatedDate - date, in timestamp format yyyy‑MM‑dd HH:mm:ss.SSSSSS e.g. 2024-01-01T00:00:00.000Z
• ?orderType - PURCHASE_ORDER / RECEIVING / INVOICE
• ?orderStatus - PO_DRAFT / PO_ READY / PO_RECEIVED_PARTIALLY / PO_NOT_RECEIVED/ PO_ RECEIVED /INVOICE_RECEIVED / INVOICE_ PAID
• ?orderExpectedDeliveryDate - date, in timestamp format yyyy‑MM‑dd HH:mm:ss.SSSSSS e.g. 2024-01-01T00:00:00.000Z
• ?poStatus - DRAFT / PO_READY / DELIVERY_ IN / LATE

Example, GET API for PRs starting from 1st of January 2024

https://go.procurementflow.com/api/export/all/{organisation_id}?purchaseRequestCreatedDate=2024-01-01T00:00:00.000Z

‍

POST API endpoints

Use x-api-key header for key when making the request.

• Greate PR endpoint: https://go.procurementflow.com/api/purchase-request/create
• POST API Documentation is available here

‍

‍