Adding/Removing/Managing Contacts by API & Access Tokens don't make any sense

My goal is to manage my contacts by API. I am using the PHP SDK.

I have a website, I have a CRM, and I want to use infusionsoft for email marketing.

When I push a new lead on my CRM, I want to push the lead to infusionsoft as a new contact, or modify the contact if it already exists. I want this all to happen in the background. Pretty straightforward stuff.

Now, I am trying to implement this and I’m stuck at the access token part. First of all, I don’t fully understand the access token logic because the documentation is weak, to say the least.

I have registered an app on mashery for which I have a clientID and secret.
I go here, hit the API Access link, and I generate an access token and a refresh token:

On my script, my understanding is that I first need to create my infusionsoft object as such:

$infusionsoft = new Infusionsoft\Infusionsoft(array(
‘clientId’ => env(‘INFUSIONSOFT_CLIENT_ID’),
‘clientSecret’ => env(‘INFUSIONSOFT_SECRET’),
‘redirectUri’ => env(‘APP_URL’).‘/api/v2/infusionsoft/auth’

Then, I need to set a token, as such:
$infusionsoft->setToken($myToken); // here i use the access token I generated

And then I try to use the infusionsoft object to start managing contacts, but I get a not so nice Token Expired Exception. I try again with the refresh token, same problem.

I look for guidance in the PHP SDK, inside the addWithDupCheck.php file, but that basically gets you to use the API to generate an authorization URL, click a button, to generate a code with which you generate an access token, which defeats the purpose of using an API because it requires you to manually click a button.

So, I’m stuck.

(a) can someone explain the logic behind these tokens?
(b) how can I automate token generation to support my use case
(c) what am I doing wrong?

OAuth has some key differences and IS has some additional expiration requirements than other authentication methods. I have a video that might help clear some of it up:

30 minute video?
Cant you guys just write up API and SDK documentation

So exaggerating a 17 minute video to start with. By ‘You Guys’ you are referring to the 80% community (not IS employees) that helps others on their own time completely free of charge.

care to try again :stuck_out_tongue_winking_eye:

Sorry but none of this explains why my newly generated access token and refresh tokens don’t work.

I understand that I need to store these tokens in my DB and refresh them every 24 hours (and I built most of this functionality out already) but none of this helps explain why I get a Token Expired Exception.

I am bypassing the requestAccessToken()/auth code steps by getting the tokens through infusionsoft’s website. I don’t need to call refreshAccessToken() yet because 24 hours have not passed.

Okay so I hope this helps someone else using the PHP SDK.

What I was doing wrong is that I was using the access_token string as the parameter when calling $infusionsoft->setToken($token)

$token should actually be a Token object, as such:

$token_data = [
‘access_token’ => ‘YOUR_ACCESS_TOKEN’,
‘refresh_token’ => ‘YOUR_REFRESH_TOKEN’,
‘expires_in’ => ‘86400’
$token = new Infusionsoft\Token($token_data);

Now from here, when your token expires, what I think you have to do is call this function:
$new_token = $infusionsoft->refreshAccessToken();

then you can grab $new_token->getAccessToken() or $new_token->getRefreshToken(), save them to your database, and take care of future API requests with the refreshed token.

And yes, you can grab your initial access and refresh tokens from here

Correct, that is one of the gotcha’s that the video warns against :stuck_out_tongue_winking_eye: We’ll mark this as solved to make it easier for those searching to find.