titledescriptionupdated_date
SalesPad APIHow to set up SalesPad API access and permissions for your organization.2025-10-24T16:45:21Z

SalesPad API

What we Need

  • SalesPad API URL Example: https:///api

    Confirm the correct server and port with your IT or SalesPad administrator.

  • Admin credentials (username and password)

    An administrator account in SalesPad Desktop is required to create and configure API users.

    This account is used to manage users, groups, and permissions.

  • API user credentials with appropriate permissions

    A dedicated API user must be created in SalesPad Desktop:

    1. Log in as Admin
    2. Navigate to System → Security → Users
    3. Add a new user (e.g., integration@company.com)
    4. Set a password (this will be used for Basic Auth in the WebAPI)
    5. Assign the user to a Security Group (Internal or External) with the necessary permissions:
      • Customers → View
      • Sales Documents → View
      • Inventory → View
      • Add Create/Update/Delete if required by the integration
    6. Save the new user
    7. Test the account using GET /api/session with Basic Auth

Overview

SalesPad API provides a RESTful interface to access SalesPad functionality, allowing you to create, view, update, and delete Customers, Sales Documents, Inventory, and more. The API uses the same database as the desktop SalesPad application, but permissions are configured separately.

Authentication

SalesPad API uses Basic Authentication to obtain a Session ID. The authentication process involves:

  1. Making a request to GET /api/Session/Permanent with SalesPad credentials in the Authorization header
  2. Receiving a Session GUID (Globally Unique Identifier) in the response
  3. Including this Session GUID in a Session-ID header for all subsequent requests

Permissions Setup

Permissions in SalesPad can be tightened down to the property level of each object for each user group. There are two types of SalesPad users:

  1. Internal Users: Treated the same as SalesPad client users and take up one seat of SalesPad
  2. External Users: Licensed separately and take up an External seat of SalesPad

Setting Up User Permissions

  1. Create User Groups:

    • Log in to SalesPad desktop application as an administrator
    • Navigate to Setup > Security > User Groups
    • Create a new group or modify an existing one
    • Specify whether the group is Internal or External

  2. Configure Object-Level Permissions:

    • For each object (Customers, Sales Documents, Inventory, etc.), set the appropriate permissions:
      • View: Allow users to see the object
      • Create: Allow users to create new instances
      • Update: Allow users to modify existing instances
      • Delete: Allow users to remove instances

  3. Configure Property-Level Permissions:

    • For each property of an object, you can further restrict access
    • This allows for fine-grained control over what data users can see or modify

  4. Customer Filtering (Optional):

    • Users can be tied to specific Customers or ShipToAddresses
    • This restricts users to only see information related to their assigned customers

Original Permissions Documentation

For detailed information about SalesPad API permissions, refer to the official documentation:

Notes from Customer Portal Documentation:

  • The SalesPad Customer Portal uses the same database as the desktop application, but permissions are configured separately from SalesPad Desktop
  • Users can be Internal (counts as a SalesPad desktop seat) or External (licensed separately)
  • Permissions can be restricted down to object properties, and users can be tied to specific Customers or ShipToAddresses
  • To enable API access and WebPortal functionality, the WebAPI must be installed and running, and the portal must point to the correct API_URL in config.js
  • SSL/HTTPS setup and IIS bindings may be required for external access
  • A file is needed for the installation: SalesPad.GP.RESTv3.Setup.XXXX.msi

Required Permissions for Data Integration

To successfully integrate with SalesPad and retrieve the data we need, the following permissions are required:

  1. Customer Data:

    • View permissions for Customer objects and all relevant properties
    • View permissions for Customer Address information

  2. Sales Document Data:

    • View permissions for Sales Document objects and all relevant properties
    • View permissions for Sales Document Line items

  3. Inventory Data:

    • View permissions for Inventory objects and all relevant properties
    • View permissions for Inventory Transaction history

  4. User Data:

    • View permissions for User objects (if user activity data is needed)

  5. API Access:

    • The user account must be configured for API access
    • Session creation permissions must be enabled

Setting Up a Sandbox Account

For testing and development purposes, we recommend creating a dedicated sandbox account with appropriate permissions. This account should be used exclusively for development and testing.

Sandbox Account Best Practices

  • Create a dedicated API user with a descriptive username (e.g., api-sandbox@yourcompany.com)
  • Assign it to a security group with appropriate permissions for testing
  • Store the credentials securely in your organization’s secret management system
  • Regularly rotate the password according to your security policies
  • Document the API URL, username, and access details in your secure credential storage

For Parable internal use, sandbox credentials are stored in Google Cloud Secret Manager. Contact the engineering team for access details if needed.