DRW × Accurate — Dokumentasi

Connector & CRUD tester untuk Accurate Online API (akuntansi/ERP + POS Indonesia), berjalan di accurate.drwapp.com.

Ikhtisar Autentikasi API Connector Proxy Generik (CRUD)OAuth Keuangan Katalog Resource Registrasi & Token Contoh curl

Ikhtisar

Accurate punya 2 jalur autentikasi. Tool ini memakai jalur API Token (signature) — server-to-server, tanpa browser/OAuth.

	OAuth 2.0	API Token (dipakai tool ini)
Kredensial	client_id + client_secret	API Token `aat.` + signature secret
Browser/login	Ya (consent)	Tidak
Header data	Bearer + X-SESSION-ID	Bearer + X-Api-Timestamp + X-Api-Signature

Arsitektur 2-host: account.accurate.id (akun/token) → host database (mis. odin.accurate.id) untuk data.

Autentikasi

Ke tool ini

Semua /api/* (kecuali /api/health) butuh App Access Key:

Authorization: Bearer <APP_ACCESS_KEY>
# atau header X-App-Key: <APP_ACCESS_KEY>

Tool → Accurate (signature)

timestamp = unix detik (time())
signature = HMAC_SHA256(timestamp, SIGNATURE_SECRET)   // output HEX

Authorization:    Bearer {API_TOKEN aat.NTA…}
X-Api-Timestamp:  {timestamp}
X-Api-Signature:  {signature}
X-Language-Profile: EN

Yang ditandatangani hanya nilai timestamp. Host database diresolusi dari api-token.do (di-cache 1 jam).

API Connector (di tool ini)

Method	Path	Auth	Deskripsi
GET	`/api/health`	—	Health check
GET	`/api/token`	App Key	Info database/lisensi/user (api-token.do) — tes koneksi
GET	`/api/catalog`	App Key	Katalog resource (untuk UI/discovery)
ANY	`/api/accurate/{resource}/{action}`	App Key	Proxy generik ke Accurate (CRUD semua resource)

OAuth 2.0 — akses atas-nama-user

Alternatif jalur API Token. Cocok bila tool harus bertindak sebagai user Accurate (consent di browser). Token disimpan server-side & auto-refresh.

Method	Path	Deskripsi
GET·browser	`/oauth.php?action=login&key=APP_KEY`	Mulai consent (redirect ke Accurate)
GET·callback	`/oauth.php?code=…&state=…`	Tukar code→token, auto open-db pertama
GET·browser	`/oauth.php?action=logout&key=APP_KEY`	Putuskan sesi OAuth
GET	`/api/oauth/status`	Status (connected, scope, db, exp)
GET	`/api/oauth/db-list`	Daftar database (db-list.do)
POST	`/api/oauth/open-db?id=`	Pilih database aktif (session+host)
ANY	`/api/oauth/accurate/{resource}/{action}`	Proxy CRUD via OAuth

Beda dgn API Token: OAuth pakai Authorization: Bearer {access_token} + X-SESSION-ID (dari open-db), tanpa signature. ACCURATE_OAUTH_SCOPE di config HARUS subset scope terdaftar aplikasi. Di UI: tab OAuth → Sambungkan, lalu CRUD Tester pilih Auth mode = OAuth.

Proxy Generik — CRUD semua API

Satu route menjangkau semua resource Accurate. Pemetaan:

Tujuan	Tool	→ Accurate
List	GET `/api/accurate/item/list?sp.pageSize=10`	`GET {host}/accurate/api/item/list.do`
Detail	GET `/api/accurate/item/detail?id=98`	`GET …/item/detail.do?id=98`
Create/Update	POST `/api/accurate/item/save` + body JSON	`POST …/item/save.do`
Delete	POST `/api/accurate/item/delete?id=98`	`POST …/item/delete.do?id=98`

GET → query diteruskan; POST → body JSON diteruskan (query juga diteruskan, mis. ?id=). Respons Accurate diteruskan apa adanya ({ s, d, sp }).

Keuangan / Akuntansi slug terverifikasi live

Resource keuangan (diuji list.do → s:true pada DB Retail Sample):

glaccount — Akun / Chart of Accounts. glaccount/detail?id= membawa saldo (balance, openBalance, primeBalance).
journal-voucher — Jurnal Umum (detailJournalVoucher[] debit/credit)
other-payment — Pengeluaran Kas/Bank · other-deposit — Penerimaan Kas/Bank
bank-transfer — Transfer Kas/Bank
expense — Biaya · fixed-asset — Aktiva Tetap
Pelunasan Piutang = sales-receipt · Pelunasan Hutang = purchase-payment

Catatan penting: Accurate tidak mengekspos endpoint laporan keuangan (neraca / laba-rugi / buku besar / neraca saldo) sebagai list.do — API-nya berorientasi resource transaksional. Untuk saldo akun, pakai glaccount/detail; untuk laporan, agregasi sisi klien dari journal-voucher + glaccount. Slug yang TIDAK ada (mis. bank-payment, fund-transfer, trial-balance) membalas "URL API tidak tepat".

Katalog Resource

Ambil katalog lengkap (modul + resource + action + contoh payload):

GET /api/catalog
Authorization: Bearer <APP_ACCESS_KEY>

Modul: Master Data · Penjualan · Pembelian · Keuangan/Akuntansi · Persediaan.

Registrasi & Daftar Token

Daftar trial: accurate.id/trial/aol
Developer Console → Add Application → Client ID, Client Secret, App Key, Signature Secret
Accurate Online → Pengaturan → Accurate Store → tab API Token → hubungkan app → API Token aat.NTA…
Pasang aat. + signature secret ke backend/config.php

Token	Peran
Client ID / Secret	OAuth (atas nama user)
App Key	Identitas aplikasi (bukan bearer)
Signature Secret	Kunci HMAC tanda tangan
API Token aat.	Bearer jalur API Token — yang dipakai tool ini

Contoh curl

# Tes koneksi
curl -H "Authorization: Bearer $APP_KEY" https://accurate.drwapp.com/api/token

# List item
curl -H "Authorization: Bearer $APP_KEY" \
  "https://accurate.drwapp.com/api/accurate/item/list?sp.pageSize=5&fields=id,no,name"

# List akun (keuangan)
curl -H "Authorization: Bearer $APP_KEY" \
  "https://accurate.drwapp.com/api/accurate/glaccount/list?sp.pageSize=10"

# Buat customer
curl -X POST -H "Authorization: Bearer $APP_KEY" -H "Content-Type: application/json" \
  -d '{"customerNo":"CUST-TEST","name":"Pelanggan Test"}' \
  https://accurate.drwapp.com/api/accurate/customer/save