I already have a developer account and follow the documentation when request access token from here
Generally what I am going to achieve is to access my own accounts data.
Is there a problem with my developers account
More often than not, this question comes from misunderstanding the oauth flow. You’ll first get an authorization toke. That token is not your access token. You’ll us that auth token (good for about five minutes) to get your access/refresh token pair. The access token will be good for 24 hours. The refresh token is good for either 3 or 6 months (I forget which as it’s changed a number of times). I’ll place my video on this below, but if you’re only accessing your own app, you may want to go for using the api token rather than oauth…before you ask, no, it’s not going to be sunset anytime soon.
@John_Borelli I did try generating access token using api access via https://accounts.infusionsoft.com/app/central/home and get access and refresh token with client_id and _client_secret generated from developers account and it successfully response with access_token and refresh_token.
But when I request access_token using the rest api https://api.infusionsoft.com/token with same client_id and client_secret it says
{
“error”: “invalid_request”,
“error_description”: “Invalid Authorization Code”
}
I tried to follow the documentation here Getting Started with OAuth2 - Keap Developer Portal in section Access Token Request and all params is on body form data
When refreshing the token it says
{
“error”: “InvalidClientIdentifier”,
“error_description”: “Invalid client identifier {0}”
}
Here’s the header params
in authorization I already did " Basic base64_encode(CLIENT_ID:CLIENT_SECRET)" still same error
Here’s the body params
the refresh_token is coming from https://accounts.infusionsoft.com/app/central/home base on generated token
I don’t think you’d need to base64 the basic auth and I think you’re supposed to include client secret with every call even when it’s not part of the oauth process. Regardless, I’ll paste a code segment below that I use often. It is easier to use the sdk for token management and then use straight curl calls for functions.
// php snippet for oauth process
if (!isset($_GET['code'])) { // either first run or access token
if (isset($_GET['access_token'])) {
$access_token=$_GET['access_token'];$obj['access_token']=$access_token;
$refresh_token=$_GET['refresh_token'];$obj['refresh_token']=$refresh_token;
$expires_in=$_GET['expires_in'];$obj['expires_in']=$expires_in;
$json=json_encode($obj);
file_put_contents('.oauth', $json);
// write the above to a file
} else {
header('Location: '.$authURL);
}
} else {
$authToken=$_GET['code'];
$grantType='authorization_code';
$redirectURI='https://apiroi.net/DrKamranAfzal/OAuth/index.php';
$tokenURL=$accessTokenURL.'?code='.urlencode($authToken).'&grant_type='.$grantType.'&client_id='.urlencode($clientId).'&client_secret='.urlencode($clientSecret).'&redirect_uri='.urlencode($redirectURI);
<?php
//echo $response;
//header('Location: '.$tokenURL);
}
The refresh cycle runs on CRON every hour and checks for any token(s) that are 4 hours or less from expiring. Again, the refresh cycle works with the sdk and then any functional calls I normally use curl for
$accessToken=$row['AccessToken'];
$refreshToken=$row['RefreshToken'];
$dateTime=$row['DT'];
$appName=$row['AppName'];
$appObj=new iSDK();
$appObj->setToken($accessToken);
$appObj->setRefreshToken ($refreshToken);
$appObj->setSecret (CLIENT_SECRET);
$appObj->setClientId (CLIENT_ID);
$appObj->setAuthEndpoint (REDIRECT_URL.REDIRECT_FILENAME);
$appObj->setTokenEndpoint (TOKEN_URL);
$appObj->setAuthEndpoint (AUTH_URL);
$new = $appObj->refreshAccessToken ();
Just to make sure, because I am not that familiar with postman, did you really did a base_64 encode of the client_id + : + cielnt_secret? Also if you got a successful response on the refresh token and you didn’t notice, your current tokens will not work so you would need to request new ones.
1 Like
That was the answer, but I can’t still use the Access Token Request from here Getting Started with OAuth2 - Keap Developer Portal only use refresh token.
Cheers!