Page 1 of 1

BHRestToken request returning restUrl for wrong corporation

Posted: Mon Jan 27, 2020 9:22 pm
by bblakey
Hi,

After successfully getting API requests working for our internal "Sandbox" environment (OAuth auth code, access/refresh tokens, BHRestToken, etc.), we're working on getting our first API integration set up with with an external client. They have two separate accounts we're attempting to connect to, let's call them "Staging" and "Production". These represent two different CorporationIDs within Bullhorn, and each account has its own unique client_id and client_secret as well (as one would expect).

We're having an issue where the request to log in to the REST API with the refresh_token for the "Production" account returns the same corporate token in the "restUrl" response that we get when logging in for our "Sandbox" account. As such, we're unable to perform any requests for entities that exist in their "Production" account since in reality we're just querying against our "Sandbox" account.

I do not believe that it's a coding error on our end because we do get a different corporate token in the "restUrl" response when performing a log in request to the REST API for their "Staging" account, and I can successfully query the entities that I expect to find there.

To better illustrate the issue, here's a somewhat obfuscated example:

Making a request for a "BhRestToken" and "restUrl" using our "sandbox_access_token":

Code: Select all

https://rest-east.bullhornstaffing.com/rest-services/login?version=2.0&access_token={sandbox_access_token}
Results in this response:

Code: Select all

{
	"BhRestToken":"sandbox-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
	"restUrl":"https://rest91.bullhornstaffing.com/rest-services/{sandbox_corp_token}/"
}
This "sandbox_corp_token" url gives me access to the expected entities for the "Sandbox" account when making additional REST API requests, all good there.

A similar request using the "staging_access_token" with the following url:

Code: Select all

https://rest-east.bullhornstaffing.com/rest-services/login?version=2.0&access_token={staging_access_token}
Results in this response:

Code: Select all

{
	"BhRestToken":"staging-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
	"restUrl":"https://rest99.bullhornstaffing.com/rest-services/{staging_corp_token}/"
}
Once again, the unique "staging_corp_token" url corresponds to their "Staging" account as expected, allowing me to query their entities as desired with subsequent REST API requests.

However, things go awry when making a request for a "BhRestToken" and "restUrl" using the "production_access_token" for their "Production" account:

Code: Select all

https://rest-east.bullhornstaffing.com/rest-services/login?version=2.0&access_token={production_access_token}
The response for that request is:

Code: Select all

{
	"BhRestToken":"production-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
	"restUrl":"https://rest91.bullhornstaffing.com/rest-services/{sandbox_corp_token}/"
}
Note that the "restUrl" returned contains our "sandbox_corp_token" value in the url and NOT the "production_corp_token" we would expect for this request! Given that it's returning the url for our "Sandbox" account, I am unable to make API requests for the EntityIDs associated with the external client's "Production" account since those requests are really just accessing the data in our "Sandbox" account.

Is this something that you can help me with? Please let me know if my explanation of the problem isn't clear or you need more information from me.

Thanks in advance!

Re: BHRestToken request returning restUrl for wrong corporation

Posted: Wed Jan 29, 2020 12:34 pm
by zgonza
Hello,

Thanks for posting in the API Forum.

For something like this I would recommend reaching out to Bullhorn Support and creating a ticket. There, sensitive information can be provided within a ticket setting as a opposed to an open forum setting. From there, our Analysts will be happy to help get this resolved.

Cheers,