HTTP Basic Auth deprecation

HTTP Basic Auth deprecation

Note: If you're not a developer and you don't have any integrations/addons then you probably don't need to worry about this! If you're unsure, read on to learn more.

What is HTTP Basic Authentication?

HTTP Basic Authentication is a mechanism used to authorise requests to an API. It has worked well for us and our customers, but as things mature and our customers become more security conscious we decided to replace it with more secure protocol called OAuth.

What does this mean for me?

It's not a given that this change will affect you in any way. It will not matter to retailers who use Vend without any integrations or those using our most popular integrations such as Xero or Shopify. It will most likely impact you if you have commissioned a custom integration or are using some kind of scripted process to get data out of Vend. If you are not sure, you should get in touch with the developer who has created this software for you. If you, or the developer, need any assistance or have any further questions regarding this change, get in touch with us at:

When will this change happen?

We've set the date for the 1st of May 2016. While this date has changed in the past, you should treat this one as final and assume that on the 1st of May 2016 basic authentication will stop working and it will only be possible to authorise custom integrations using OAuth or Personal Tokens.

Why are we doing this?

  • Security

In a continued effort to offer our customers world class services, we want to make sure that your data is safe with us. A few months ago we have disabled access to Vend (for the web app and the API) via HTTP. From then on Vend can only be accessed over an HTTPS connection. Deprecating Basic Authentication is the next step on the road to making Vend as secure as possible.

  • Visibility

You can see who is accessing your data and most importantly we can see who is causing issues in case things go wrong. It's important for us to be able to identify applications causing issues for our customers and Basic Auth did not allow this.

  • Flexibility

With OAuth and Personal Tokens, the identity of the app accessing your data is not bound to a user in your account. That means that you can revoke access for every app you are using separately, without changing any user details.

Does it matter is I use XERO, QuickBooks Online or Shopify integrations?

Nope, you're all good. We have created those integrations and have made sure they will work with this change.

3rd party applications already using OAuth

The following providers have worked with us to prepare for this change and if you use their service/product you should be good to go:

  • Timely
  • Unleashed
  • Deputy
  • Airsquare
  • Smallfish
  • Pozly
  • Rocketspark
  • Perkville
  • SkuBrain
  • Linksync
  • Vortex

There's still a chance that some of these providers may not have migrated all their connections to use OAuth. We recommend, therefore, that you get in touch with your provider to confirm that your account is already migrated.

I'm a developer. How do I start using OAuth?

  • First, you have to go to our developer page and register a developer account.
  • Next, you should create an app within this account.
  • Creating the app will give you all the details you need to implement OAuth within your app. More details of the OAuth process can be found here.

OAuth is too complicated to use. Can I keep using Basic Auth?

Nope. Basic Auth is going away. Fortunately though, we have an alternative solution: Personal Tokens. It's just as simple at Basic Auth to use but much more flexible and secure. More details here.

    • Related Articles

    • Setting up promo codes for Basic promotion in Vend

      Vend's new Promo Codes feature is an extension to their Promotion's feature which will let you set up Promo Codes to offer your customers discounts on all or selected products in your store.  Important: Promo Codes are only available for retailers ...
    • Basic Vend troubleshooting checklist

      If Vend or any hardware is not working as intended, you should first perform these simple troubleshooting steps: Check if you have a working internet connection and your device is connected to it by going into the iPad settings > WiFi. Check if your ...
    • Magento Integration Setup

      Before You Begin Before you configure the Unleashed integration setup, you must complete the following steps in Magento to create the Magento API Key. This is required to connect your Magento store to Unleashed. You must have administrator access to ...
    • Warehouses

      The warehouse details where your goods are stored can be created in Unleashed. Once you create the warehouse records, the details can be automatically retrieved when you want to create purchase orders, sales orders and other transactions. Adding a ...
    • What is a Register Closure?

      Register Closures are a basic part of retail that allow you to physically check your cash and credit totals against their recorded totals in Vend. A register is opened when you first go to your Vend sell screen, and it checks the date and time on ...