Is there a way to grab the authorization code from json response

is there a way to grab the authorization code from json response? i’ve read you have to get it from the query parameters after the redirect to the redirect_uri.

Depends on how you’re going after it. The SDK allows that to be automated, but if you’re like me and prefer directly reaching out to the endpoints without anything in the middle, then follow the examples I give in my video below:

john, great video! i’m up to the authentication token part and i get the popup login box to and enter my valid credentials, but the box keeps going away after entering creds. seems like the creds aren’t good but not sure why it won’t take. i’m using talend (formerly restlet). any thoughts or have you run into this?


The login when completed sends back information to your callback url…that url should contain code to capture the body which contains the information you need.

do you know if we have to post the payload as a byte array like in this post?

i thought we could post as json payload.

Hi, @Steve_Yoo,

When you call the login/auth endpoint, you’re required to provide a callback value. Think of a callback value as a webhook that triggers when an auth attempt succeeds or fails. The auth endpoint then sends back to the URI a request to the code you must provide. That code can read the body of that request. Within that body there is a json element that contains all you need.

how would i validate the credentials for when it keeps returning service unavailable.

I mean I definitely understand everything you mentioned, but I think I have a small piece of information wrong. I keep getting the 403 developer inactive response. Know how to get past that?

So first, go into your mashery account ( and make certain that your application status is active. If not, then you’ll need to get with developer support to review it. That’s the most common reason for that message.

definitely says active

Then the next part is to ensure that the first steps are happening. Sometimes people believe that the first token they get back is an access token. It’s actually an auth token that gives you permission to request the access/refresh tokens. Does this match up with your understanding? This is also another reason the developer message comes up :wink:

Yeah I’ve seen that in the community posts. I grab the auth code from the url query parameters and use in my access token call. I think I am sending a piece of information wrong somewhere. I keep getting that pesky developer inactive message. Other thoughts?

Thanks for all your patience and help by the way! After I get it working I am going to put up a detailed post on how to do it and my pitfalls.

@John_Borelli good news! got the authentication figured out. onto verifying the hook! thanks for all the help. i’ll probably make a post/video about the details as someone else is bound to run into this issue. my main things were my infusionsoft application’s redirect uri was not filled out and had to match.

Hey, @Steve_Yoo,

Glad to hear :wink:

Just in case, my video on validating webhooks is also below:

yeah i viewed this video, but i’m sure i missed something so will check again. wondering if the app query string parameter will do it. let you know tonight.

@John_Borelli do you know if localhost urls can get verified? or does it have to be something in production?

I haven’t tried localhost as I just run an SSH to my dev server, BUT some parts of the process require https (though I don’t know bout the webhook part because I always run https so I’ve never tested that either). Is your local host setup to allow http protocols incoming through port 80? You’d have to be setup to act as a web server for that to work.

@John_Borelli any ideas why one might get when issuing the POST to create a hook?

596 Service Not Found


That server response is usually because the endpoint is incorrect (check caps as well because they do matter) and/or because https may be necessary to make the call from…ie if your call is made from http the server will not recognize it as a valid request.

i exposed localhost endpoint using ngrok but still not verified. i’m hitting breakpoints and response is going back with header X-Hook-Secret as documentation says. thoughts?