Integrate the page on iFrame using integration keys (method 1)

You have seen in the video that you can add a page type and can record keys. The goal of these keys is to pass on the data of the current InSite or OutSite user to the partner in a safe manner.

In Profit, you can record a public and secret key; these keys must be known at both parties (AFAS customer and AFAS Partner). Because the combination between these keys is only known amongst these parties, you can prove they know each other.

An InSite site is used to which a user is logged on in the example below. Once the user has opened an integration page, the exchange of data between the user and partner will be started.

Step 1: The user opens the integration page

The user opens the integration page.

Step 2: Check keys

The InSite page checks whether a public and secret key are ready for use

Step 3: Generate a token

If the page has a public and secret key, a token will be generated with the data from the current user. A token is an object with the user's data.

Contents of the site

Step 4: Save a token

The token is saved in Profit (and will not be sent to the partner).

Step 5: Building up an InSite page and returning it to the user

The InSite page is structured and sent back to the user. This page's HTML also contains a frame that is intended for the partner's page.

Step 6: Retrieve a content frame from the partner

The user's browser will receive the InSite page and will make a request to the partner for the contents of the frame.

The following additional parameters have been added to the URL by InSite:

partner.nl/pagina.html?

tokenurl=insite.nl/gettoken

code=T001

publickey=publ123

sessionid=YYYYY

Explanation:

  • tokenurl

    The URL with which the partner can retrieve the token.

  • code

    You can determine which token the partner wants to receive based on this code.

  • publickey

    The public key that is recorded in Profit at the page type.

  • sessionid

    You can later validate whether the current token is still valid for the current user based on this ID. This ID will change when the user logs off, changes organisation or deactivates or activates the admin mode.

Step 7: Retrieve the secret key

The partner can find the secret key in his or her own administration with the public key.

Step 8: Create a POST message

The partner can create a POST message with the obtained and searched-for information. The content of this message is the secret key and the unique code with which the token can be identified. The message must be sent to the token URL.

HTTP POST insite.nl/gettoken

secret= scr@

code= T001

Step 9: Checking the token and keys

InSite searches for the token based on the received message and checks, for example, whether the secret key matches the requested token.

Once the token has been found, it will be deleted from the Profit database. The token can therefore only be retrieved once. The token must, moreover, be retrieved within 5 minutes. It will be deleted after this time has passed.

Step 10: Sending the token to the partner

Once the token has been found and validated, InSite will send the token to the partner in JSON format.

Next, the partner can save the token so that it continues to be available for the current session. The partner must check whether the token is still valid for the current session of the InSite user with regard to each request of the integration page.

By including the URLs of the style sheet and JavaScript in the page, you can realise a true integrated experience for the user.

Directly to

  1. Add an integration page in InSite and OutSite
  2. Add a page type for iFrame
  3. Activate a page type for an iFrame
  4. Show content in an iFrame
  5. Method 1: Integrate the page on iFrame using integration keys
  6. Method 2: Integrate the page on iFrame without using integration keys
  7. Frequently Asked Questions