Exact Netherlands and Exact UK require different credentials. This article is intended for both versions and states where instructions are version specific or can be used for both.
API rate limits
As of 1 January 2021, Exact has introduced new rate limits to limit the number of requests an app is permitted to send during a time window. Each limit has a specific behaviour when it is exceeded — for more details, please read Exact's article.
- Minutely limit — an app can make 60 API calls, per company, per minute.
- Daily limit — an app can make 50,000 API calls, per company, per day. As of 1 January 2021, new apps will be directly limited to 5,000 API calls, per company, per day.
Enabling linking for your customers
To allow your customers to connect to your production app, you must request permission from Exact. If you do not do this, then your users will encounter an error during the authorisation flow.
The same limitation applies to your UAT application. However, you will be able to link the Exact account that created the app to enable your testing.
Before you can access data from customers using Exact for their accounting, you need to set up an Exact integration in the Codat portal. You'll need to:
- Register a new application on Exact’s developer site.
- Add your secure keys to the Codat portal.
- Request permissions for other users to access your app.
- Ensure you have an Exact App Centre account by becoming an app center partner. If you have not done this already, go to:
- https://start.exactonline.co.uk/docs/HRMSubTrialNew.aspx?bcaction=0&type=10&language=EN&UseSimpleWizard=1&PackageSetCode=APPCENTER for the Exact UK integration, or
- https://www.exact.com/nl/developers for the Exact NL integration, and selecting the 'Exact Online partners' link towards the bottom of the page
- Go to the Exact developer site and log in:
- Select Manage my Apps in the top menu
- Select the Register a product app or Register a testing app tile under the corresponding sections depending on the purpose of your app.
- Fill in the form with the details of the app.
- The name of the app will be displayed to the user linking their accounts, so it should identify you.
- The OAuth redirect URL should be as follows:
- For Production apps:
- For UAT apps:
- For Production apps:
- Select Register.
- You will be redirected to a page with a tab titled Develop your app where you will see the Client ID and Client secret for your app. If you're not redirected simply go to Manage my apps and select the App you have just created.
- Open the Codat portal and log in.
- In the left pane, select Integrations > Accounting.
- Scroll down to either the Exact (Netherlands) or Exact (UK) integration and select Manage.
- Paste in the Client Id and Client Secret from the Exact App centre for your chosen app, and then select Save.
- Enable your integration. Go back to Integrations > Accounting, and use the toggle to update your Exact integration from Disabled to Enabled.
Spaces in secure keys
Make sure that your secure keys don't contain any spaces.
For your Production app you must request permission from Exact to allow your app to be connected to by your users. For more info visit the Exact site here.
Follow these steps:
- In the Exact App Centre, select Manage my apps and then the Submit for review tab.
- To request permission, you must first complete the Data & Security Review, so select Edit against this section.
- Describe the purpose of your app and then select the Manage radio button for ALL scopes in the Scopes section.
- Next fill out the form from the perspective of your company and not Codat, with a few exceptions for the following questions:
- Q: Is the data that you receive, process, or store in your app or linked systems protected against unauthorized access or disclosure, such as through encryption? A: In the answer you may want to include that for the 3rd party integration (Codat) data is encrypted in transit using SSL and at rest using AES-256 managed by Microsoft Azure.
- Q: Do you have a change management process in place which ensures that all changes to the app or service are authorized and tested before being released? A: In the answer you may want to include that the 3rd party integration (Codat) also has it's own change management process including automated integration tests, developer testing, a QA function as part of it's continuous delivery practice utilising Microsoft Dev Ops - also enabling immediate rollback of any broken functionality.
- Q: Do you have a version control system in place to manage the change history, branching, merging, and traceability of changes to the app or service? A: In the answer you may want to include that the 3rd party integration (Codat) manages it's version control via Azure DevOps and various source control platforms.
- Once saved, select Submit at the top of the page.
- Once your Data & Security Review has been successful, in the Submit for Review page, select Request in the Request permission section and wait for permissions to be granted by Exact. During this stage your app will have an In Review tag.
Updated 3 months ago