Creating a connected application to authenticate requests
GraphQL API calls require a bearer token in the authorization header to authenticate requests. This token is based on the JSON Web Token (JWT) standard. To generate this token, you must create a client_id and a secret. In Sage X3, those tokens are associated with an instance of the connected application entity.
- Open: Administration > Administration > Settings > Authentication > Connected applications.
- Click the New connected application button.
- Fill in the table:
  - Name: A name to identify the connected application. For example, adc.
  - URL: The full URL to the API endpoint. For example, http://myx2Server:8124/xtrem/api.
  - Tokens validity: The maximum lifetime in seconds of the token. For example, 600.
  - Allowed user: The login of the Syracuse user to be used to authenticate. Use a dedicated user for API calls. For example, adc.
- Click Save and save both the client ID and secret in a safe place.
TLS/SSL troubleshooting (Postman)
If connecting to GraphQL through Postman, and Postman fails TLS verification (e.g., “Self-signed certificate in certificate chain”), your environment may be missing the intermediate or root CA for your Sage X3 endpoint.
Quick fix for Postman:
- Download the GoDaddy root and intermediate certs:
  - gdroot-g2.crt (root)
  - gdig2.crt.pem (intermediate)
- Concatenate into a chain file (gdchain-g2.pem), then add it in Postman Settings > Certificates > CA Certificates.
See the full step‑by‑step guide: Postman TLS setup for X3 GraphQL (CA chain).
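
A plain byte-for-byte concatenation of the two files produces a broken bundle when the first file lacks a trailing newline, or when one of the files is DER rather than PEM. The following added example (not from the original page or from Sage) re-emits every certificate as a cleanly separated PEM block and rejects private key material; the helper names `load_certs`, `build_chain` and `demo`, and the placeholder DER bytes, are constructed for illustration.

```python
import base64
import re
import ssl
import tempfile
from pathlib import Path

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_certs(data: bytes) -> list:
    """Return DER certificates from PEM (one or more blocks) or raw DER bytes."""
    text = data.decode("ascii", errors="ignore")
    if "PRIVATE KEY" in text:
        raise ValueError("private key material does not belong in a CA bundle")
    blocks = PEM_CERT.findall(text)
    if blocks:
        # Strip all whitespace so wrapped or CRLF-terminated base64 decodes.
        return [base64.b64decode("".join(b.split()), validate=True)
                for b in blocks]
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: treat as one raw DER cert
        return [data]
    raise ValueError("no certificate found")

def build_chain(paths, out_path) -> int:
    """Write every certificate from paths, in order, as separated PEM blocks."""
    pem = [ssl.DER_cert_to_PEM_cert(der)
           for p in paths for der in load_certs(Path(p).read_bytes())]
    Path(out_path).write_text("".join(pem), encoding="ascii")
    return len(pem)

def demo() -> str:
    """Constructed inputs: PEM without a trailing newline, plus a raw DER file."""
    inter = b"\x30\x03\x02\x01\x01"  # placeholder DER, not a real certificate
    root = b"\x30\x03\x02\x01\x02"   # placeholder DER, not a real certificate
    with tempfile.TemporaryDirectory() as d:
        a = Path(d) / "gdig2.crt.pem"
        b = Path(d) / "gdroot-g2.crt"
        out = Path(d) / "gdchain-g2.pem"
        a.write_text(ssl.DER_cert_to_PEM_cert(inter).rstrip("\n"))
        b.write_bytes(root)
        build_chain([a, b], out)
        return out.read_text()

if __name__ == "__main__":
    print(demo())
```

With the real downloads, call `build_chain(["gdig2.crt.pem", "gdroot-g2.crt"], "gdchain-g2.pem")` and select the resulting file in Postman.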