Skip to main content
The Integrations API lets you manage connections to payment gateways, accounting software, and other third-party providers. Credentials are stored encrypted — secrets are write-only and are never returned in GET responses. All integration endpoints require the Admin role.
Secrets fields (marked isSecret in templates) are write-only. Once saved, they cannot be retrieved by any GET endpoint. To replace a secret, use the rotate-secrets endpoint.

Integration types

The integrationType field uses the following enumeration values:
ValueDescription
1Payment
2Accounting
3Shipping
4Email
5Sms
6Analytics
7Crm
8Inventory

GET /api/integration-templates

Returns all available integration templates. Use templates to understand which fields are required before creating an integration. For OAuth providers (e.g. QuickBooks), the response includes the callbackUrl you must register with the external service. Security: Admin policy

Query parameters

integrationType
integer
Filter templates by integration type. See the Integration types table for valid values. Omit to return all templates.

Response

templates
array
Array of integration template objects.
Example response
{
  "templates": [
    {
      "type": 1,
      "provider": "AuthorizeNet",
      "displayName": "Authorize.Net",
      "description": "Accept credit card payments through Authorize.Net payment gateway",
      "requiresOAuth": false,
      "documentationUrl": "https://developer.authorize.net/",
      "supportedFeatures": ["payments", "refunds"],
      "configurationFields": [
        {
          "key": "IsSandbox",
          "displayName": "Sandbox Mode",
          "description": "Enable sandbox/test mode",
          "type": 3,
          "required": true,
          "defaultValue": "true"
        }
      ],
      "secretFields": [
        {
          "key": "ApiLoginId",
          "displayName": "API Login ID",
          "description": "Your Authorize.Net API Login ID",
          "required": true,
          "isSensitive": true
        },
        {
          "key": "TransactionKey",
          "displayName": "Transaction Key",
          "description": "Your Authorize.Net Transaction Key",
          "required": true,
          "isSensitive": true
        }
      ]
    },
    {
      "type": 2,
      "provider": "QuickBooks",
      "displayName": "QuickBooks Online",
      "description": "Sync customer and product data with QuickBooks Online",
      "requiresOAuth": true,
      "callbackUrl": "https://api.achievemomentum.com/api/integrations/QuickBooks/callback",
      "configurationFields": [],
      "secretFields": []
    }
  ]
}
curl example — all templates
curl -X GET \
  "https://api.achievemomentum.com/api/integration-templates" \
  -H "Authorization: Bearer <your_token>"
curl example — filter by type
curl -X GET \
  "https://api.achievemomentum.com/api/integration-templates?integrationType=1" \
  -H "Authorization: Bearer <your_token>"

GET /api/integrations/available

Returns all available integration templates enriched with the current configuration and connection status for your organization. Results are grouped by integration type. Security: Admin policy

Response

organizationId
string
Your organization’s identifier.
totalAvailable
integer
Total number of available integrations.
configuredCount
integer
Number of integrations you have configured.
enabledCount
integer
Number of integrations that are currently enabled.
integrationsByType
object
Dictionary keyed by integration type, where each value is an array of AvailableIntegration objects.
curl example
curl -X GET \
  "https://api.achievemomentum.com/api/integrations/available" \
  -H "Authorization: Bearer <your_token>"

POST /api/organizations//integrations

Creates a new integration for the specified organization. Pass non-sensitive settings in configuration and sensitive credentials in secrets — secrets are encrypted at rest and are never returned by any GET endpoint. Security: Admin policy

Path parameters

organizationId
string
required
Your organization’s unique identifier.

Request body

integrationType
integer
required
Integration type. See the Integration types table.
provider
string
required
Provider identifier, e.g. AuthorizeNet or QuickBooks. Must match a template provider value.
displayName
string
required
A human-readable name for this integration instance (e.g. Main Payment Gateway).
isEnabled
boolean
default:"true"
Whether the integration should be enabled immediately.
configuration
object
Key-value pairs of non-sensitive configuration settings. Keys must match the configurationFields keys from the provider’s template.
secrets
object
Key-value pairs of sensitive credentials. Keys must match the secretFields keys from the provider’s template. Values are stored encrypted and are never returned.

Response

integrationId
string
Unique identifier of the newly created integration.
organizationId
string
Your organization’s identifier.
integrationType
integer
Integration type.
provider
string
Provider identifier.
displayName
string
Display name of the integration.
isEnabled
boolean
Whether the integration is enabled.
createdAt
string
ISO 8601 timestamp of when the integration was created.
Example request — Authorize.Net
{
  "integrationType": 1,
  "provider": "AuthorizeNet",
  "displayName": "Main Payment Gateway",
  "isEnabled": true,
  "configuration": {
    "IsSandbox": "true"
  },
  "secrets": {
    "ApiLoginId": "your-api-login-id",
    "TransactionKey": "your-transaction-key"
  }
}
Example response
{
  "integrationId": "int_123456789",
  "organizationId": "org123",
  "integrationType": 1,
  "provider": "AuthorizeNet",
  "displayName": "Main Payment Gateway",
  "isEnabled": true,
  "createdAt": "2024-01-15T10:30:00Z"
}
curl example
curl -X POST \
  "https://api.achievemomentum.com/api/organizations/org123/integrations" \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "integrationType": 1,
    "provider": "AuthorizeNet",
    "displayName": "Main Payment Gateway",
    "isEnabled": true,
    "configuration": { "IsSandbox": "true" },
    "secrets": {
      "ApiLoginId": "your-api-login-id",
      "TransactionKey": "your-transaction-key"
    }
  }'

GET /api/organizations//integrations

Returns all integrations configured for the specified organization. Secrets are never included in the response. Security: Admin policy

Path parameters

organizationId
string
required
Your organization’s unique identifier.

Query parameters

integrationType
integer
Filter results by integration type. See the Integration types table.
isEnabled
boolean
Filter results by enabled status. Omit to return all.

Response

integrations
array
Array of integration summary objects (secrets omitted).
curl example
curl -X GET \
  "https://api.achievemomentum.com/api/organizations/org123/integrations" \
  -H "Authorization: Bearer <your_token>"

GET /api/organizations//integrations/

Returns detailed information about a specific integration, including its configuration and the list of available fields from the provider template. Secrets are never included. Security: Admin policy

Path parameters

organizationId
string
required
Your organization’s unique identifier.
integrationId
string
required
The integration’s unique identifier.

Response

integrationId
string
Unique integration identifier.
organizationId
string
Organization identifier.
integrationType
integer
Integration type.
provider
string
Provider identifier.
displayName
string
Display name.
isEnabled
boolean
Whether the integration is enabled.
createdAt
string
ISO 8601 creation timestamp.
updatedAt
string
ISO 8601 last-updated timestamp.
configuration
object
Non-sensitive configuration key-value pairs. Secrets are excluded.
createdBy
string
Identity of the user who created the integration.
availableFields
object
Fields available for this provider from the template, including configurationFields, secretFields, requiresOAuth, documentationUrl, and supportedFeatures.
curl example
curl -X GET \
  "https://api.achievemomentum.com/api/organizations/org123/integrations/int_123456789" \
  -H "Authorization: Bearer <your_token>"

PUT /api/organizations//integrations/

Updates an existing integration’s display name, enabled status, configuration, and/or secrets. If you update secrets, the API flags that a connection test is recommended. Security: Admin policy

Path parameters

organizationId
string
required
Your organization’s unique identifier.
integrationId
string
required
The integration’s unique identifier.

Request body

displayName
string
New display name for the integration.
isEnabled
boolean
Enable or disable the integration.
configuration
object
Updated non-sensitive configuration key-value pairs. Merged with existing configuration.
secrets
object
Updated secret key-value pairs. Values are encrypted and overwrite existing secrets for the supplied keys. Cannot be retrieved after saving.

Response

testConnectionRequired
boolean
true if secrets or critical configuration keys (e.g. IsSandbox, Environment) were changed. Run a connection test to verify.
curl example
curl -X PUT \
  "https://api.achievemomentum.com/api/organizations/org123/integrations/int_123456789" \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "Production Payment Gateway",
    "isEnabled": true,
    "configuration": { "IsSandbox": "false" }
  }'

POST /api/organizations//integrations//test

Tests connectivity and authentication for the specified integration. The result is recorded on the integration and reflected in the testStatus field of subsequent list/get responses. Security: Admin policy

Path parameters

organizationId
string
required
Your organization’s unique identifier.
integrationId
string
required
The integration’s unique identifier.

Response

integrationId
string
The integration that was tested.
isSuccessful
boolean
true if the connection test passed.
message
string
Human-readable result message (e.g. Connection test successful).
testedAt
string
ISO 8601 timestamp of when the test was performed.
Example response
{
  "integrationId": "int_123456789",
  "isSuccessful": true,
  "message": "Connection test successful",
  "testedAt": "2024-01-15T14:22:00Z"
}
curl example
curl -X POST \
  "https://api.achievemomentum.com/api/organizations/org123/integrations/int_123456789/test" \
  -H "Authorization: Bearer <your_token>"

POST /api/organizations//integrations//connect

Initiates an OAuth authorization flow for OAuth-based providers (e.g. QuickBooks). Returns an authorizationUrl that you redirect the user to. The OAuth URL expires after 15 minutes. Security: Admin policy
Before calling this endpoint, ensure you have registered the callbackUrl from the integration template with the external provider’s developer console.

Path parameters

organizationId
string
required
Your organization’s unique identifier. Resolved from the JWT OrganizationId claim.
integrationId
string
required
The integration’s unique identifier.

Request body

state
string
required
An opaque string (typically your application’s return URL) that Nymble Commerce encodes into the OAuth state parameter and returns to your callback. Use this to redirect the user back to the correct page after authorization.

Response

authorizationUrl
string
The OAuth authorization URL. Redirect your user to this URL to begin the OAuth flow.
curl example
curl -X POST \
  "https://api.achievemomentum.com/api/organizations/org123/integrations/int_123456789/connect" \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{ "state": "https://yourapp.com/integrations/callback" }'

POST /api/organizations//integrations//rotate-secrets

Rotates (replaces) the secrets for the specified integration. Optionally runs a connection test after rotation to validate the new credentials. Use this endpoint for periodic security compliance key rotation. Security: Admin policy

Path parameters

organizationId
string
required
Your organization’s unique identifier.
integrationId
string
required
The integration’s unique identifier.

Request body

newSecrets
object
required
Key-value pairs of new secret values. Keys must match the secretFields keys from the provider’s template. Values are encrypted at rest and are never returned.
testConnectionAfterRotation
boolean
default:"true"
Whether to automatically run a connection test after updating the secrets. Strongly recommended.

Response

testConnectionSuccessful
boolean
true if the post-rotation connection test passed. Only meaningful when testConnectionAfterRotation was true.
Example request
{
  "newSecrets": {
    "ApiLoginId": "new-rotated-api-login-id",
    "TransactionKey": "new-rotated-transaction-key"
  },
  "testConnectionAfterRotation": true
}
Example response
{
  "integrationId": "int_123456789",
  "organizationId": "org123",
  "rotationSuccessful": true,
  "testConnectionSuccessful": true,
  "message": "Secrets rotated successfully and connection test passed",
  "rotatedAt": "2024-01-15T15:00:00Z",
  "rotatedSecretKeys": ["ApiLoginId", "TransactionKey"]
}
curl example
curl -X POST \
  "https://api.achievemomentum.com/api/organizations/org123/integrations/int_123456789/rotate-secrets" \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "newSecrets": {
      "ApiLoginId": "new-rotated-api-login-id",
      "TransactionKey": "new-rotated-transaction-key"
    },
    "testConnectionAfterRotation": true
  }'

DELETE /api/organizations//integrations/

Permanently deletes an integration and all associated configuration and encrypted credentials. Security: Admin policy
This action permanently removes the integration, including all stored credentials. It cannot be undone. If an integration is actively used by payment methods or other services, disable it first or contact support before deleting.

Path parameters

organizationId
string
required
Your organization’s unique identifier.
integrationId
string
required
The integration’s unique identifier.

Response

curl example
curl -X DELETE \
  "https://api.achievemomentum.com/api/organizations/org123/integrations/int_123456789" \
  -H "Authorization: Bearer <your_token>"