Getting Started
This guide walks you through the basics of connecting to and using the Gestix ERP API.
Prerequisites
- A Gestix ERP account with API access enabled
- An API Token — generated in Admin > Webshop within the Gestix interface
- Knowledge of HTTP and JSON
Base URL
All API requests use the following base URL pattern:
| Segment | Description |
|---|---|
| {account} | Your Gestix account identifier (e.g., 03101176) |
| v4.0.0 | API version — always use the version you were provisioned for |
Step 1 — Authenticate
Before calling any protected endpoint, obtain a session token by authenticating with your API Token:
On success, you receive:
Store the xa-token — it is your session token for all subsequent requests.
Alternative: username/password auth
If you are building a web application that authenticates end users, use POST /auth instead, which accepts a username and password directly.
Step 2 — Make Requests
Pass the session token as a Bearer token in the Authorization header:
Step 3 — Use a Nonce on Write Operations
All POST and PUT endpoints require a nonce query parameter. The nonce must be:
- A positive integer
- Strictly incrementing — each new request must use a higher value than the previous one
- Client-generated (e.g., a Unix timestamp in milliseconds works well)
```http
POST /api/{account}/v4.0.0/invoices?nonce=1700000000001
Authorization: Bearer <xa-token>
Content-Type: application/json

{ ... }
```
The nonce prevents replay attacks and duplicate submissions.
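An added example, not part of the Gestix documentation or any Gestix SDK: a client-side nonce source that keeps nonces strictly increasing in the cases where a raw millisecond timestamp would not (two writes in the same millisecond, a clock stepped backwards, several threads). `NonceSource`, `write_url` and the clock readings in `demo` are hypothetical names and constructed values.

```python
import threading
import time


class NonceSource:
    """Strictly increasing positive-integer nonces seeded from the clock.

    Hypothetical helper (not part of the Gestix API or any Gestix SDK).
    """

    def __init__(self, clock_ms=None, last=0):
        # clock_ms is injectable so the behaviour can be tested deterministically.
        self._clock_ms = clock_ms or (lambda: time.time_ns() // 1_000_000)
        self._last = last  # highest nonce already used
        self._lock = threading.Lock()

    def next(self):
        with self._lock:
            # Take the clock when it has advanced; otherwise step past the last
            # value so same-millisecond calls and backward clock jumps still
            # yield a higher nonce.
            self._last = max(self._clock_ms(), self._last + 1)
            return self._last


def write_url(account, resource, nonce, version="v4.0.0"):
    """Build the path and query for a POST/PUT, as in the request shown above."""
    return f"/api/{account}/{version}/{resource}?nonce={nonce}"


def demo():
    # Constructed clock readings: two calls in the same millisecond, then the
    # clock stepping backwards (e.g. a time correction), then normal progress.
    readings = iter([1700000000001, 1700000000001, 1699999999990, 1700000000500])
    source = NonceSource(clock_ms=lambda: next(readings))
    return [source.next() for _ in range(4)]


if __name__ == "__main__":
    print(demo())
    print(write_url("03101176", "invoices", NonceSource().next()))
```

Persist the last nonce used and pass it as `last` on restart, so a process started after a clock rollback does not send a lower value than one already accepted.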
Step 4 — Check Status
Use GET /status at any point to verify your session is active and to retrieve version and error information:
Content Types
| Direction | Content-Type |
|---|---|
| Request bodies (POST/PUT) | application/json |
| Response bodies | application/json |
| PDF responses (when print=1) | application/pdf |
Next Steps
- Explore the Endpoints reference
- Learn about Pagination & Filtering
- Understand Error Handling
- Read the full Authentication guide