Simple Post Request To the API to create a contact


I am attempting to integrate one of the forms on a client's website of mine to create contacts when the form is submitted. Currently I am creating a new access token manually and replacing it daily because I can’t seem to figure out this OAuth process for simple API calls.

This is a simple brochure site that has a single form, and the users should not need to sign into Infusionsoft. I know there has to be a way to do this. I need to somehow authenticate the domain (app) without the users who are viewing the site / submitting the form that it's connected. I am saving the refreshToken in the database and requesting a new refresh token and that is all working great. When I pass the accessToken back to the front end JS to make an HTTP Post request to: I get Developer Inactive.

When I generate a token manually at Keap REST API to test the api with my client ID and client secret and use that token that is being used to test the API it works perfectly.

Not sure what is going on, I should just be able to refresh the token right?

This is how I would do it, which can be done within several minutes.

  • Get the API Encrypted Key.
  • Use the iSDK if you want to save time.
  • Use the XML-RPC protocol to call the “addWithDupCheck” API function, eg:
    xml-rpc - Keap Developer Portal

No need to worry about OAuth and Tokens, etc.

Hi, @Justin_Sherman,

You can do what Pav has suggested but it would take some changes from what you’re describing, so it’s really dealer's choice which way you go. So I’m including a video I did regarding OAuth and Infusionsoft if you choose to stick with that:

Hi John, I have watched this video, and I guess I don’t understand why I am getting that Developer Inactive Error, when I have already authenticated the app and should be able to refresh the accessToken with the refreshToken.

So this happens under limited conditions.

  1. the refresh token was used already and you’re not using the new one sent.
  2. It’s often not realized that an access token was requested again, which invalidates the one you got. So this might happen when you use your dev credentials, with the same app, on the interactive IO REST page…then the one code got would no longer be valid.
  3. if the refresh token was used and then is getting used again, that also won’t work. Once a refresh token is used, BOTH access and refresh tokens you currently have are no longer valid. When you do use the refresh token, a pair of brand new tokens are provided and those are the ones to use…and so on and so forth.

Does something like this look right? I return the access token as response to a js ajax call that is running this script. The JS then hits the api.infusionsoft endpoint for contacts.

    $refresh_token = get_option('infusionsoft_refresh_token');

    // HTTP client that sends the client ID and secret as HTTP Basic credentials
    $client = new GuzzleHttp\Client([
        'headers' => [
            'Content-Type'  => 'application/x-www-form-urlencoded',
            'Authorization' => 'Basic ' . base64_encode('clientID' . ':' . 'clientSecret'),
        ],
    ]);

    // Exchange the stored refresh token for a new token pair (URL is blank as posted)
    $res = $client->request('POST', '', ['form_params' => [
        'grant_type'    => 'refresh_token',
        'refresh_token' => $refresh_token,
    ]]);

    $tokens = json_decode($res->getBody());
    $access_token = $tokens->access_token;
    $refresh_token = $tokens->refresh_token;

    // Save the new refresh token for the next request, then output the access token
    update_option('infusionsoft_refresh_token', $refresh_token);
    echo $access_token;

Are you storing the current tokens in a db table or file? This is why I re-posted my video. I go over the need for this in it.

Normally you would store the tokens in a db table with the time to live (ie 24 hours which IS returns in seconds) and the date/time the tokens were gotten. Then, before the access token expires, using a background service/process, you request the refresh and access tokens (the new set) and write it to the db table again…

then all you need from your form is to read the access token from the db table…no more worrying about that refresh cycle on the front end :wink:
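
The store-and-rotate cycle described above, as an added example that is not part of the original thread or Keap's own code: `TokenStore`, `$exchange` and `$fakeEndpoint` are hypothetical names, the token endpoint is replaced by a constructed stand-in so the script runs offline, and an in-memory array stands in for the db table.

```php
<?php
// Added example, not from the thread; all names here are hypothetical.
final class TokenStore
{
    private array $row;  // stands in for the db table row
    private $exchange;   // callable: refresh token in, new token set out

    public function __construct(array $row, callable $exchange)
    {
        $this->row = $row;
        $this->exchange = $exchange;
    }

    // Read path for the server-side form handler: refresh only when the
    // access token is within $skew seconds of expiring.
    public function accessToken(int $now, int $skew = 300): string
    {
        if ($now >= $this->row['obtained_at'] + $this->row['expires_in'] - $skew) {
            $this->refresh($now);
        }
        return $this->row['access_token'];
    }

    // Write path for the cron job: one exchange, then overwrite BOTH tokens,
    // because using a refresh token invalidates the pair currently held.
    public function refresh(int $now): void
    {
        $new = ($this->exchange)($this->row['refresh_token']);
        $this->row = $new + ['obtained_at' => $now];
    }
}

// Constructed stand-in for the token endpoint: each refresh token works once.
$valid = 'r0';
$n = 0;
$fakeEndpoint = function (string $rt) use (&$valid, &$n): array {
    if ($rt !== $valid) {
        throw new RuntimeException('refresh token already used');
    }
    $valid = 'r' . ++$n;
    return ['access_token' => "a$n", 'refresh_token' => $valid, 'expires_in' => 86400];
};

$store = new TokenStore(['access_token' => 'a0', 'refresh_token' => 'r0',
    'expires_in' => 86400, 'obtained_at' => 0], $fakeEndpoint);
echo $store->accessToken(3600), "\n";  // one hour in: stored token is reused
echo $store->accessToken(86200), "\n"; // inside the skew window: pair is rotated
// Replaying the old refresh token is rejected by the stand-in endpoint.
try { $fakeEndpoint('r0'); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```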

Yes I am storing the refreshToken in the database. The form gets filled out so infrequently that I am requesting a refresh whenever the form is submitted. I return the access token for the $res->getBody() and I am getting that developer error.

So just for your edification, the refresh token is good for at least 3 months but they may have increased it to 6 months. The access token expires in 24 hours but the refresh can be used long after…ie, it probably isn’t necessary for you to worry about it at the time the form loads but it’s much easier in the long run if that process happens on a cron job and then it’s done…no worrying about it from there…just reading the token when you need it at that point. That’s the recommendation anyway :wink:

I hear ya, I’ll dig into it a bit more and report back.