Oauth2.0 Authentication with Multiple Applications

Hi there,

I am trying to authenticate into my infusionsoft account which has 3 separate companies and one sandbox account. When my api requests the initial token I am directed to the infusionsoft login screen and when I enter my credentials it throws me out and redirects back to the calling api. Repeated attempts to run the program no longer takes me to the infusionsoft login page unless i run a new browser.

I noticed that in all of the Oauth2 examples, it appears that the API’s are accessing contact data or creating contacts without indicating the application name. Does the api need an application name? How does the API know which application under the same login credentials to use?

I copied my api code below:

require_once ‘…/vendor/autoload.php’;

$infusionsoft = new Infusionsoft\Infusionsoft(array(
‘clientId’ => ‘xxxxxxxx’,
‘clientSecret’ => ‘xxxxxxxx’,
‘redirectUri’ => ‘http://www.melaverdeglobal.info/LowBidder.php’,

if (isset($_SESSION[‘token’])) {

if (isset($_GET[‘code’]) and !$infusionsoft->getToken()) {

if ($infusionsoft->getToken()) {
$_SESSION[‘token’] = serialize($infusionsoft->getToken());

$infusionsoft->contacts('xml')->add(array('FirstName' => 'John', 'LastName' => 'Doe'));

} else {
echo ‘ Click here to authorize ’;

Here is an image of my login screen below: If I click on any one of those API it will generate an Access and Refresh Token…however how do I tell the API code to do this? Any help would be most appreciative.

OMG it worked…I don’t know what happened but I have been working on this since Saturday. I think there was a bug in the infusionsoft application because this time InfSft didn’t kick me out when I tried to log in. When I had to authenticate a window popped up and let me pick which of the applications the access token would apply to.

Hi @leonardo_cutone, I just wanted to make sure you are still good to go with your authentication. If you are using the default Oauth examples in the php sdk I would recommend invalidating the session next time, if you run into this again. This should force re-authentication and allow you to grant a new access/refresh token.



The OAuth process includes a user authenticating with their login credentials for access and then selecting an app they have access to for authorization. This means that the access token that is returned represents authorization specifically between your developer credentials and the authorized app only. See my video for more details on this:

Thank you John

I have a question ——

If I have multiple members of my staff working on API’s or the same API, should each be using their own developer credentials or should/could they share the same ones?


They can share the same ones but that is really up to some of the details. Are they working on different projects or the same project but different parts (as an example)

yes they are working on the same API but each has a different function to implement.

Very truly yours,

LC Associates

Leonardo Cutone

President & Founder

O: 212.579.4236

D: 646.588.1742

So then I would use the same credentials