Access user token without using Oathflow

Hi

I have been asked the following by our developer, can anyone point us in the direction of any threads that might help?

I Based on the documentation it looks like we need to take the user through an OAuth flow in order to get an access_token to use the api and get details down from the authorised user.

In our app the log-in will be entirely server-side with the user only providing an email and postcode and therefore an OAuth flow is not possible, do you have any way to get down a user token without using an OAuth flow?

@YPN_Magazine,

OAuth is independent of your server side details. Although you would need to manage the refresh cycle on the server side, the rest is handled by Infusionsoft’s authentication servers. I have a video that covers all of this that might help.

We are unable to request access token.

We are using the article bellow to request access token.

This is the curl that we have compiled while following the article below: curl -X POST https://api.infusionsoft.com/token -d ‘client_id=xxxxxx&client_secret=xxxxxx&code=xxxxxx&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fpugpig.com&undefined=’

We get this response: {"error":"invalid_grant","error_description":"Authorization code is invalid"}

When we try to give wrong grant_type (for example 123) the response is: "error": "unsupported_grant_type"

When we do not give any grant_type the response is: "error_description": "response_type or grant_type is required"

We are not sure how to resolve this problem, can you/someone please advise?

(also screenshot attached for reference)

(Edited to remove keys: You will want to regenerate your key/secret pair as a security measure. Treat keys as passwords.)

Your grant type can only be “full”. That is all that will work with it right now.

Here is a reply from my developer for the conversation. Can you please add it into the discussion:


We have tested grant_type=full using this curl:

curl -X POST https://api.infusionsoft.com/token -d ‘client_id=xxxxxxxxx&client_secret=xxxxxxxxx&code=xxxxxxxxx&grant_type=full&redirect_uri=https%3A%2F%2Fpugpig.com&undefined=’

The response is:

{“error”:“unsupported_grant_type”,“error_description”:“The authorization grant type is not supported by the authorization server.”}

We are using this documentation: https://developer.infusionsoft.com/authentication/#request-access-token and attempting to get the access and refresh tokens using this api. Do you have any other suggestions?

(Edited to remove keys: You will want to regenerate your key/secret pair as a security measure. Treat keys as passwords.)

Sorry, the grant type should be authorization_code. I was getting the code parameter mixed up with the grant type. authorization_code is what you’ll need to use.