Help with PHP legacy token

We have been using Infusionsoft splash pages for customers to signup for trials of our applications for many years without issue. Our trial system requires the Customer to know their trial ID for use when they log in. Our backend uses PHP to pass the trial ID to the user’s Infusionsoft contact a couple of minutes after they sign up. That way we can email them their trial ID as a reminder in future emails.

We accomplished this by saving the latest accessToken and the refreshToken in a database that updates every time a user signs up for a trial. The expire time of the token used to be 45 days, therefore, we had no issues for years. In the last few weeks it appears the expire time has been reduces to 24 hours and now customers are receiving emails with blank trial IDs in them.

Our code to refresh the token when adding the TrialID looks like this:

if ($infusionsoft->getToken()) {
    // email us if the token doesn't work anymore

We now have to run a link that logs into infusionsoft and click allow every single day or else customers don’t get their trial IDs. This is not sustainable as there appears to be no way to automate this.

That code looks like
echo ‘Click here to authorize’;

After talking to support they told us to use legacy tokens as they never expire. However, we are struggling to find the PHP code to attach the our legacy key we got from our API page.

ChatGPT says to use
$infusionsoft->setApiKey(‘Your Legacy Key’);

But we are getting the error
Uncaught Error: Call to undefined method Infusionsoft\Infusionsoft::setApiKey()

The ‘Click here to authorize’ code looks like $infusionsoft->getAuthorizationUrl()

Matthew take a look at the documentation on this page:

You need to pass a header w/ the key inside of it, and this bypasses the OAuth.

“X-Keap-API-Key”: “ProvideYourKeyHere”

I am a bit confused, is that using an API endpoint? How does that work with the PHP Infusionsoft library class?

$infusionsoft = new \Infusionsoft\Infusionsoft(array(
‘clientId’ => ‘’,
‘clientSecret’ => ‘’,
‘redirectUri’ => ‘’,

That is a great question.

I actually started writing my own library to work w/ the REST and XML APIs because of the token issue you’re having and the composer requirement.

It appears we might have to do the same. Thank you for your help!

After looking at the Infusionsoft code, I don’t see how you can use it w/o using OAuth2 exclusively.

I did find this in the docs:

… however when you’re back in the same situation if the cron fails to run at any given time.

Yep, that is a good idea. But we would need a way to get notified ASAP if the cron job fails to run and their are lots of ways that can happen. Its most likely better to start over I guess.

Thank you again for pointing that out.