Accessing Contacts via REST from a service/daemon

I have to integrate a javascript (node.js) application which needs to query the contacts from Infusionsoft.

As I was looking, REST is recommended way, but it requires a user action which is redirected to Infusionsoft account.

Since the REST API’s are accessed via backend service/daemon, I cannot use Oauth authentication. How do I use REST API’s?

Or I have to follow something else?

It is a one time authorization. After that you can easily use the obtained access token and refresh tokens to do anything you need on the backend service.

Is your application for integrating with your own Infusionsoft account, or for a third party user?

If the former, you could follow the OAuth2 authentication pattern by hand (personally, I use Postman for testing) and retrieve your refresh token / access token, then it is just a matter of calling the token endpoint to refresh it regularly.

If you are building a third party user application however, then the flow should use the OAuth2 redirect pattern for an initial authentication, after which your return endpoint will be passed the refresh token / access token, and you can then persist them for programmatic refreshing and usage.


So you are saying I can authentic once and use that access Token and
refresh Token for it?

Correct. Access tokens are good for 24hrs and the refresh are good pretty much forever until they are used. Once it is used to get a new access token then you will receive a new refresh token along with it.


I would try that approach.
I am accessing using my own infusion soft account.

Well ifcmy account is disabled or deleted then I have to get a fresh
authentication via OAUTH using another account?

In general, yes.

1 Like

How did you get the code via OAUTH via Postman? I was getting ERR_403_CORS_ORIGIN_DENIED error and got the solution after reading:

Are you aware of any native clients which I use for testing? Reason I am asking it, I am not aware what infusion soft uses to differentiate browser based and non-browser based token requests

There is the browser version of Postman and the native version. Make sure you use the native version. The browser version enforces CORS.

I used Linux X64 native version and still received CORS error. That requires any adjustment on native client?

Under Authorization are you using OAuth 2.0? If you use Postman’s authorization stuff it should not send CORS headers. Check out these docs (the OAuth 2.0 section) and see if that helps.

Hi there,

How can I make API call via postman, I am making the call but getting an error -

“error”: “InvalidClientIdentifier”,
“error_description”: “Invalid client identifier {0}”

I am passing the params mentioned in this article

Can you please suggest?

My requirement is to refresh the token, I have generated the initial one via manual OAuth now need to refresh this for my next requirement, I just need to know how to make the postman call, because I am getting errors and kind of stuck.

Looking forward to hearing from you…


Can you share your postman settings via screenshot,

Your Auth tab should be like: 2022-04-07_22-45-42
Your Header tab should be like: 2022-04-07_22-48-07
Your Body tab should be like: 2022-04-07_22-48-49

1 Like