Which keys for the API access to accounts.infusionsoft.com?

Hello,

I was using the .NET SDK in an MVC application to add customers to InfusionSoft. I was then able to log into https://accounts.infusionsoft.com/app/central/home and see the updated customers.

However, the SDK is not supported in .NET Core and we have chosen to use this framework.

Is it possible to connect to my dashboard account using the REST api?

The SDK used the app name and generated token to call InfusionSoft.

The developer portal provides OAuth keys but i do not think that is linked with the account on the dasboard.

Any advice?

OAuth requires a client_id and a client_secret. Also, the redirectUrl is normally known by the OAuth provider.

If i complete OAuth using my developer key and secret, i am directed to the login and i use my dashboard credentials.

post = new Dictionary
{
{"client_id", _appSettings.InfusionSoftClientId}
,{"client_secret", _appSettings.InfusionSoftSecret}
,{"grant_type", "authorization_code"}
,{"code", token}
,{"redirect_uri", _redirectUrl}
};

{"error_description":"Missing or invalid service_name","error":"invalid_request","error_uri":"xml-rpc - Keap Developer Portal"}

Regards,

Daniel

Hey Daniel, As long as you are using the “api access” link next to the corresponding application you wish to run the contact add against, you should able to make calls to that specific application. Are you generating the access token using the “api access” link on https://accounts.infusionsoft.com/app/central/home or by using the framework to get an access token?

@Carlos_Ochoa
Ok.

https://accounts.infusionsoft.com/app/central/home

I went to Settings > Application and generated an Encrypted Key.

This and the app Id were used with the C# client.

        const string application = "YOUR APPLICATION NAME HERE";
        const string apiKey = "YOUR API KEY HERE";

        var customer = new Customer(application, apiKey);

I can no longer use this SDK with C#.

I however can make HTTP requests to the REST API.

When i open up the dashboard there is a link next to my app called “API Access”.

It’s heading is OAuth Client Credentials

I have tried to enter the credentials from my developer portal account here, but i don’t think i got it right as per the error above.

Hmm, just looking at this snippet, it looks like it is referring to the legacy key. The legacy key is the one located in Settings > Application and used with the xmlrpc api and typically points to https://yourapp.com/api/xmlrpc. If the request is going here, I suggest using the OAuth url below. OAuth on the other hand is a separate authentication from the legacy api key and you can still use the legacy api(xmlrpc) with OAuth.

For this problem in particular, I would need to see where the actual request is going to…

Here are the urls for each api when using OAuth, which we highly recommend.
xmlrpc: https://api.infusionsoft.com/crm/xmlrpc/v1
REST: https://api.infusionsoft.com/crm/rest/v1

Here are some helpful links to get started with OAuth as well as some of the jargon that can be thrown around in other posts among the community:
Glossary
Getting Started with OAuth

@Carlos_Ochoa

It’s definately the REST Api. This requires the developer portal login.

It’s the separation between the dev portal and the dashboard that is throwing me. InfusionSoft has been quite bountiful when it comes to developer support!

I have a 4 digit app ID and 32 character key (From the dashboard).

I have a 24 character client id and 10 character client secret from the developer portal for the REST API, and it does return an access code. When asked to login to infusionsoft during authentication, i provide the login details for the dashboard account.However, when i call the /contacts end point, with the successfully acquired token, on the REST API i get the following error message.

“error_description”:“Missing or invalid service_name”,“error”:“invalid_request”,“error_uri”:“xml-rpc - Keap Developer Portal}

Can you give us the actual request you are making. It appears you are trying to hit /contacts on the accounts.infusionsoft.com domain. That is incorrect you need to use https://api.infusionsoft.com/crm/rest/v1/contacts

“API Access” is used to allow you, as an app owner, to cancel someone else’s access to your app. It is not how you yourself connect the api to your app.

API Access is new in Account Central. It is designed to allow app owners to create authorization codes manually to give to a developer. Also as a developer who has access to an application and a client_id and client_secret can generate an access token.

@bradb,

When’d they put that in there? lol I’ve been looking at our partner login so my personal has it but I just wasn’t seeing it

@bradb @John_Borelli

HI Guys.

When using the API Link i can check it out in Chrome developer tools… here is the response to https://accounts.infusionsoft.com/app/oauth/userToken which is the url used by the API Access panel in the Dashboard. However, this already has the authorization header from signing into the account (Authorization:Basic=).

{“scope”:“full|MyAppName.infusionsoft.com”,“access_token”:“”,“token_type”:“bearer”,“expires_in”:86400,“refresh_token”:“”}

Now, i am trying to generate the key from an admin panel for use with my Web App.

https://developer.infusionsoft.com/tutorials/making-oauth-requests-without-user-authorization/

When i use a C# Http client i get the following response using the REST Api to grant an access token.

Response - Developer Inactive

However, if i a manually generate the access token from API Access my HttpClient can access my Infusionsoft dashboard information. This means i have to copy the access token and refresh token from my InfusionSoft dashboard and paste it into an my Web Apps admin panel and submit. It can then function as intended. I would like to automate this.

The documentation does say that the “Scope” parameter in the REST Api is only valid with “full”.

Is it possible to automatically grant access without using the API_Access in the Dashboard?

Regards,

Daniel

@Gavin_Nathan For future reference, please do not include any sensitive information in public posts. Sensitive information includes client_secret, access_token, refresh_token, basic auth headers…etc. If you do need to ever send sensitive information for debugging purposes, only directly message it to someone that is labeled as “Staff”.

A little over a week I think. It is fairly new.

@Gavin_Nathan it is a little unclear to me what you are trying to do exactly. The calls that are made in the Account Central application to our backend are internal use only. I would stear clear of trying use our internal endpoint. You should be attempting to get Access Tokens via https://api.infusionsoft.com/token. Maybe if you out line the use case your are trying to handle and what calls you are making (minus sensitive information) we can get this solved for you…

@bradb @John_Borelli

Hi Brad.

Ok. This is a simple as i can explain this.

My App → InfusionSoft API → Infusionsoft Dashboard.

If i create a customer in my Web App, i want it to appear in my InfusionSoft Dashboard.

That’s it! That’s all i want to achieve.

If i use the key generated in the dashboard “API Access” then i can use the api, and any changes and additions are seen in the dashboard. That’s great, that’s what i want. However, i have to do this manually. I want to do it automatically.

If i use https://api.infusionsoft.com/token to create the token… it get “Developer Inactive” as the reponse.

It’s like the API doesn’t know to connect me to my Dashboard.

This is what i’ve been trying to get across, and i cannot explain it any simpler than that.

The documentation has information on generating an OAuth access token using the REST API. However, the returned token does not seem to grant access to the data in my Dashboard.

1. REST Generated API Access token - Developer Inactive.

2. Dashboard API Acess Link generated token - Works.

Is there a way to use the REST API to get access to my Dashboard InfusionSoft account or will i always have to generate a new key and manually add it to my Web App?

Please tell which specific parts of this idea are not making sense here? I really don’t know how else to explain this.

Here is an article form InfusionSoft where they describe this process - https://developer.infusionsoft.com/tutorials/making-oauth-requests-without-user-authorization/
I want to be able to create a key automatically that works with the API, and lets me add customers so that i will see them in the dashboard.

So, if my app creates a user… it can call the API and add a customer to my infusionsoft dashboard successfully and does not return “Developer Inactive” as a response instead it successfully adds it as well.

Regards,

Daniel

Hi @Gavin_Nathan,

So this video doesn’t cover the API Access link because it’s super new but it covers the details about tokens and client id/secret etc…maybe it will help.

@Gavin_Nathan You only need to authorize once. You need to persist your refresh token though. You can then get a new access token via the refresh token. Most people setup a cron to do this or do it on demand based on the expiration of the token. Can you show us your post to https://api.infusionsoft.com/token?

forgive me as i am new but where can i find the client_id and client_secret ?
Ive searched High and Low and cant find any detail as to how to get these?

@Theo_Drakakis, each application registered will have a ClientId and ClientSecret assigned to it.

You can create an account at https://keys.developer.keap.com/ and register an Application to get started.

Setup your dev account where Tom mentions and that will give you your client id/secret pair. I’ll put a vid I have done to help with the rest of the process below…hope it helps.