PIPO (Punch-In/Punch-Out)
Embed PrintNow ordering into external procurement systems with dual-auth user management, projects, and orders.
The PIPO (Punch-In/Punch-Out) endpoints enable external procurement and ordering systems to embed PrintNow workflows. PIPO uses a dual-authentication model: API-level Basic Auth (same as all other endpoints) plus a user-level session token for identifying the end user within the external system.
PIPO endpoints have a lower minimum license requirement of BusinessPlus (vs. Enterprise for other endpoints).
Dual Authentication
PIPO requests require two layers of authentication:
- Basic Auth -- Standard API token/key pair in the
Authorizationheader (same as all other Enterprise API endpoints). - Session Token -- A user-specific session token in the
X-PN-TOKENheader, obtained by calling the Login endpoint. This token identifies which customer is performing the action.
curl -X GET https://api.printnow.com/api/v2/pipo/user/info \
-u "YOUR_TOKEN:YOUR_KEY" \
-H "X-PN-TOKEN: SESSION_TOKEN_HERE"Session tokens expire after a period of inactivity. Each API call that includes a valid token automatically refreshes its expiration. If a token expires or is invalid, the API returns 403 Forbidden.
Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST | /api/v2/pipo/user/login | Basic | Login and get session token |
GET | /api/v2/pipo/user/logout | Basic + Token | Logout and invalidate session token |
GET | /api/v2/pipo/user/loggedin | Basic + Token | Check if session is still active |
GET | /api/v2/pipo/user/info | Basic + Token | Get current user info |
POST | /api/v2/pipo/user/info | Basic + Token | Update current user info |
POST | /api/v2/pipo/user/create | Basic | Create a new user account |
POST | /api/v2/pipo/user/createtemp | Basic | Create a temporary user account |
POST | /api/v2/pipo/user/convert | Basic + Token | Convert temp user to permanent |
POST | /api/v2/pipo/user/transfer | Basic + Token | Transfer temp user to existing account |
GET | /api/v2/pipo/user/istemp | Basic + Token | Check if current user is temporary |
GET | /api/v2/pipo/project/all | Basic + Token | List all user projects |
GET | /api/v2/pipo/project/{id} | Basic + Token | Get a specific project |
DELETE | /api/v2/pipo/project/{id} | Basic + Token | Delete a project |
POST | /api/v2/pipo/order/create | Basic + Token | Create an order from projects |
GET | /api/v2/pipo/order/{id}/process | Basic + Token | Trigger order processing |
Login
Authenticate a storefront user and receive a session token. The token is used in the X-PN-TOKEN header for all subsequent PIPO calls.
POST /api/v2/pipo/user/loginRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
username | string | Yes | Customer username. |
password | string | Yes | Customer password. |
storefront_id | integer | Yes | Storefront ID to authenticate against. |
Example Request
curl -X POST https://api.printnow.com/api/v2/pipo/user/login \
-u "YOUR_TOKEN:YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"username": "janesmith",
"password": "userpass123",
"storefront_id": 1
}'Returns a session token string on success. Returns 401 Unauthorized if the username or password is incorrect.
Logout
Invalidate the current session token.
GET /api/v2/pipo/user/logoutCheck Login Status
Determine if the current session token is still valid. Also refreshes the token's expiration.
GET /api/v2/pipo/user/loggedinReturns true or false.
Get User Info
Retrieve the current user's profile information.
GET /api/v2/pipo/user/infoUser Response Fields
| Field | Type | Description |
|---|---|---|
id | integer | Customer ID. |
username | string | Login username. |
first_name | string | First name. |
last_name | string | Last name. |
email | string | Email address. |
is_temp | boolean | Whether this is a temporary user. |
storefront_id | integer | Storefront ID (only in create/temp requests). |
Update User Info
Update the current user's profile. Only non-temporary users can be updated. Password changes require providing the current password for verification.
POST /api/v2/pipo/user/infoRequest Body
| Field | Type | Description |
|---|---|---|
first_name | string | Updated first name. |
last_name | string | Updated last name. |
current_password | string | Current password (required only when changing password). |
new_password | string | New password (only applied if current_password is valid and different from new_password). |
Create User
Create a new permanent user account on a storefront. Does not require a session token.
POST /api/v2/pipo/user/createRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
storefront_id | integer | Yes | Target storefront ID. |
username | string | Yes | Login username. |
password | string | Yes | Account password. |
email | string | Yes | Email address. |
first_name | string | Yes | First name. |
last_name | string | Yes | Last name. |
Returns 200 OK on success. Returns 409 Conflict if the username or email is already in use (with a descriptive message like "duplicate user name" or "duplicate email").
Create Temporary User
Create a temporary (anonymous) user account. Returns the user object with system-generated credentials.
POST /api/v2/pipo/user/createtempRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
storefront_id | integer | Yes | Target storefront ID. |
Returns the created User object with is_temp: true.
Convert Temporary User
Convert the current temporary user session into a permanent account. Requires the session token of a temporary user.
POST /api/v2/pipo/user/convertRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
username | string | Yes | Desired username. |
password | string | Yes | Account password. |
email | string | Yes | Email address. |
first_name | string | Yes | First name. |
last_name | string | Yes | Last name. |
Returns 200 OK on success. Returns 409 Conflict if the username or email is already in use.
Transfer Temporary User
Transfer the current temporary user's data (image albums, saved projects) to an existing permanent account. The session token is updated to point to the destination user.
POST /api/v2/pipo/user/transferRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
username | string | Yes | Username of the destination account. |
password | string | Yes | Password of the destination account (for verification). |
Returns 200 OK on success. Returns 403 Forbidden with specific error messages:
| Message | Cause |
|---|---|
token is invalid or expired | Session token is invalid or expired. |
current user is not temporary | The session user is not a temporary account. |
username does not exist | Destination username not found on the storefront. |
password is incorrect | Destination account password verification failed. |
Check If Temporary
Determine if the current session user is a temporary account.
GET /api/v2/pipo/user/istempReturns true or false.
List Projects
Retrieve all saved projects for the current session user.
GET /api/v2/pipo/project/allProject Fields
| Field | Type | Description |
|---|---|---|
id | integer | Project (product) ID. |
name | string | Project name (the product name of the saved design). |
external_id | string | Integration ID from the original product template. |
Get Project
Retrieve a specific project by ID. The project must belong to the current session user.
GET /api/v2/pipo/project/{id}Returns the Project object. Returns 404 Not Found if the project does not exist or belongs to a different user.
Delete Project
Delete a saved project. The project must belong to the current session user.
DELETE /api/v2/pipo/project/{id}Returns 200 OK on success.
Create Order
Create an order from one or more product/project IDs. The order is assigned to the current session user and given the storefront's first (lowest-sequence) order status.
POST /api/v2/pipo/order/createRequest Body
| Field | Type | Required | Description |
|---|---|---|---|
product_id | integer[] | Yes | Array of product IDs to include in the order. Invalid IDs are silently filtered out. |
external_id | string | No | External integration identifier to associate with the order and its items. |
Example Request
curl -X POST https://api.printnow.com/api/v2/pipo/order/create \
-u "YOUR_TOKEN:YOUR_KEY" \
-H "X-PN-TOKEN: SESSION_TOKEN_HERE" \
-H "Content-Type: application/json" \
-d '{
"product_id": [42, 43],
"external_id": "EXT-ORDER-001"
}'Returns the created order ID (integer) on success. Returns 400 Bad Request if no valid product IDs are provided.
Process Order
Trigger file processing (merge) for an order. This sends a request to the admin system to begin generating print-ready files for the order's items.
GET /api/v2/pipo/order/{id}/processThe order must belong to the current session user. Returns 200 OK on success.
PIPO Workflow
A typical PIPO integration follows this flow:
- Create temp user --
POST /api/v2/pipo/user/createtempto create an anonymous session. - Login --
POST /api/v2/pipo/user/login(or use a known account's credentials) to get a session token. - Design -- Direct the user to the PrintNow editor to create or modify designs. Saved projects are linked to the session user.
- List projects --
GET /api/v2/pipo/project/allto see what the user has designed. - Create order --
POST /api/v2/pipo/order/createwith the desired project/product IDs. - Process order --
GET /api/v2/pipo/order/{id}/processto trigger file generation. - Convert or transfer -- If the user was temporary, either convert to permanent (
POST /api/v2/pipo/user/convert) or transfer to existing (POST /api/v2/pipo/user/transfer). - Logout --
GET /api/v2/pipo/user/logoutto end the session.
Related Pages
- Authentication — Basic Auth credentials required alongside PIPO session tokens
- Customers — alternative customer CRUD endpoints without dual authentication
- Orders — retrieve order details and download files after PIPO order creation