How to add company/contact from linux/apache/php environment?

Could you plase help to a completely novice in the SuperOffice API. I'm customer.  
How to add company/contact from linux/apache/php environment — is it better to use SOAP?

What URL should i use for php SoapClient() function?

Thank you so much in advance!
With best regards,


RE: How to add company/contact from linux/apache/php environment?

Hi Serge,

As a customer who is looking to building a personal integration, as Margrethe has pointed out, you will need to register your integration as a custom app. Upon registration, you will receive an email with additional resource for getting started building an application for use in our online environment. 

With regards to the question whether to use SOAP or REST, we support both. With SOAP, there is the example that Margrethe points to, but I must tell you that example depends on local copies of the WSDL files, as we do not enable open access to endpoint metadata. 

We support OpenID Connect() for user-interactive sessions (Authorization Code flow, Implicit flow, Hybrid flow), but not for non-interactive sessions (client credentials). It's a bit muddy at the moment, but if you want to use REST, and have non-interactive sessions, then there is some guidance for that.

Best regards.

Av: Tony Yates 8. aug 2018

RE: How to add company/contact from linux/apache/php environment?

Margrethe & Tony, thank you so much for reply. 

Could you please clarify:

1. How can i get SOTicket  for my app? I've tried to use and got SOTicket for your test App. For my app it's looks like i should generate PRIVATE_KEY for 'System user private key' i've got with app registration. But how i can do it if I use MacOS?  

2. Can i use SOTicket for long period of time (months)? If not, the solution is to get/store System Token for my App and regenarate SOTicket from time to time? How often?

Thank you so much in advance!

Av: Serge Piskarev 16. aug 2018

RE: How to add company/contact from linux/apache/php environment?

Hi Serge,

When you registered your application, you were sent an email with your assigned application identitfier, among other details, and a link to download a private key. That private key is in RSA XML format, which can be converted to PEM format, which the PHP example uses.

Alternatively, you can generate your own public/private key and send SuperOffice the public one, which will then be used to validate the requests signed and sent from your application.

The ticket claim enclosed in the returned security token (JWT/SAML) is only good for ca. 6 hours, but has a sliding expiration; each time it is used the 6 hour window is refreshed on the application server. I know some implementations have created services to automatically refresh this credential type. SOAP doesn't have an equivilent refresh_token concept. The system user token is used to exchange it for a system user ticket - which is also only good for a short period, but this is used specifically for background processing, and not "user" specific. There is no way to impersonate a user this way either.

I hope this helps.

Av: Tony Yates 17. aug 2018