Udine, May 31st 2019

SupplHi is the innovative Vendor Management platform for industrial equipment and services, provided through a SaaS model. Since SupplHi functionalities are part of the larger cycle of processes that involve Procurement and Supply Chain activities, SupplHi’s system integration with ERP is a traditional step, especially for larger Buyer organizations.

This integration is made easy by a complete set of Application Programming Interfaces (APIs) provided by the SupplHi Tech Team. In parallel, the SupplHi system maintains the possibility of manual alignment through Microsoft® Office Excel / XML standard imports, especially for smaller-size Buyer organizations and/or for gradual adoption.

 

PURPOSE OF SYSTEM INTEGRATION

SupplHi’s SaaS is 100% on cloud. The hosting is based on Amazon Web Services (AWS). This means access anytime, from anywhere, without the need to download or install any software, and no long waits for new features. SupplHi does not require costly individual IT development and is easily accessible by all colleagues in the Customer’s organization. Through SupplHi, Buyer organizations avoid complex IT development on their own and just focus on the SupplHi platform setup and on the system integration.

System integration with Buyer organization’s ERP and CAD design systems is important to allow the constant alignment and synchronization of the flow of information related to Vendors for Scouting, Qualification, Performance Evaluation and other related purposes. In particular, this is relevant for the Procure-to-Pay (P2P) cycle and for the subsequent Contract Management.

Integration with Buyer organization’s systems is done by contacting – through a secure channel (HTTPS) – the API Gateway by SupplHi. This – also in accordance with ISO/IEC 27001:2013 requirements – uses different indicators (metadata, client, market, geography…) in order to route the systems of the Buyer organization to the appropriate micro service when sourcing the requested information.

 

THE MAIN APIs

SupplHi offers several REST APIs to integrate the SupplHi platform with the systems used by its Customers. The eight main APIs are listed below:

  • GetVendorData retrieves all Vendor companies present on the SupplHi platform and their related data.
  • UpdateVendorData updates the information of a single Company or multiple Companies on the SupplHi platform.
  • GetVendorDataHistory retrieves historical information about one or more published fields of a Company on the SupplHi platform.
  • ImportPurchaseOrders creates or updates a list of Purchase Orders in the SupplHi platform.
  • ImportProjectName creates or updates a list of Projects in the SupplHi platform.
  • ImportExperienceEvidences imports into the SupplHi platform experience evidences related to Purchase Orders, on which the performance evaluation processes of a Vendor will be executed.
  • GetVendorPerformanceData retrieves the results of the performance evaluation processes carried out on the SupplHi platform for a single Company or multiple Companies.
  • LockVendor temporarily locks the status of a Vendor, regardless of the completion percentage of its Vendor Registration and Vendor Questionnaire.

 

USER SYNCHRONIZATION AND SINGLE SIGN ON (SSO)

In addition, SupplHi allows system integration with the API “Users” for on-demand synchronization of Provisioning and Deprovisioning of the Buyer organization’s Users who have access to the SupplHi platform, including the possibility of Single Sign On (SSO).

 

SECURITY AND AUTHENTICATION

Access to the SupplHi API is subject to authentication and authorization. This process takes place via the OAuth 2.0 protocol, through which the calling party must specify a ClientId and a Client Secret in order to obtain an authentication Token as an output.

The call to the API is “stateless”, so for each call the Token generated in the previous step must be sent. The authorization process, in addition to verifying the validity of the Token, checks that the associated user is authorized to perform that type of transaction.

APIs are delivered on an encrypted channel (HTTPS) with a certificate generated using an RSA_2048 (or newer) algorithm. The certificate used is renewed every 13 months and therefore, depending on the level of security used by the customer, it may be necessary to re-import it into your certification authority.

To avoid DoS attacks, the server accepts a limited number of calls per minute (typically 100) and returns HTTP status 429 (Too Many Requests) if the threshold is exceeded. If needed, the threshold can be configured appropriately.
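
The following sketch shows how an integrating client can handle the flow described in this section: obtain a Token from a ClientId and Client Secret, send it on every stateless call, and back off when the gateway answers 429. It is an added example, not SupplHi code; the URLs are placeholders, and the `client_credentials` grant, the `access_token` / `expires_in` fields and the `Retry-After` header are assumptions based on standard OAuth 2.0 and HTTP behaviour.

```python
import time

# Placeholder endpoints: the page does not publish SupplHi's real URLs.
TOKEN_URL = "https://api.example.invalid/oauth/token"
VENDOR_URL = "https://api.example.invalid/v1/GetVendorData"

class ApiClient:
    """send(method, url, headers, form) -> (status, headers, body) is injected,
    so the token and retry logic can be exercised without a network."""
    def __init__(self, send, client_id, client_secret, sleep=time.sleep, now=time.monotonic):
        self._send, self._id, self._secret = send, client_id, client_secret
        self._sleep, self._now = sleep, now
        self._token, self._expires = None, 0.0

    def _bearer(self):
        # Reuse the cached token until shortly before it expires.
        if self._token is None or self._now() >= self._expires:
            form = {"grant_type": "client_credentials",   # assumed grant type
                    "client_id": self._id, "client_secret": self._secret}
            status, _, body = self._send("POST", TOKEN_URL, {}, form)
            if status != 200:
                raise RuntimeError(f"token request failed: HTTP {status}")
            self._token = body["access_token"]
            self._expires = self._now() + body.get("expires_in", 0) - 30
        return {"Authorization": f"Bearer {self._token}"}

    def get(self, url, max_retries=4):
        for attempt in range(max_retries + 1):
            status, headers, body = self._send("GET", url, self._bearer(), None)
            if status != 429:
                return status, body
            # Honour Retry-After if sent (assumption), else back off exponentially.
            self._sleep(min(float(headers.get("Retry-After", 2 ** attempt)), 60.0))
        raise RuntimeError("still rate limited after retries")

def demo():
    """Constructed fake gateway: two 429 responses, then success."""
    log, waits, gets = [], [], iter([429, 429, 200, 200])
    def fake_send(method, url, headers, form):
        log.append((method, url, headers.get("Authorization")))
        if method == "POST":
            return 200, {}, {"access_token": "tok-constructed", "expires_in": 3600}
        status = next(gets)
        return status, ({"Retry-After": "1"} if status == 429 else {}), {"vendors": []}
    client = ApiClient(fake_send, "demo-id", "demo-secret", sleep=waits.append)
    first = client.get(VENDOR_URL)
    second = client.get(VENDOR_URL)
    return first, second, log, waits
```

In a real integration the injected `send` would wrap an HTTPS library with certificate verification enabled, and the Client Secret would come from a secrets store rather than source code.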

 

VERSIONING

The SupplHi APIs are subject to versioning which may be indicated in the Service URL. SupplHi endeavors to minimize the maintenance of integrations but it may happen that the new version of an API is not backwards compatible with the previous one. In such cases, Customers may continue to use the previous version of the API that will be maintained for 12 months. After this period, the deprecated API will be removed, and the Customer will necessarily have to use the new API.

Please contact the SupplHi Team at info@supplhi.com for the complete IT documentation on APIs.