Access user token without using Oathflow

(YPN Magazine) #1


I have been asked the following by our developer, can anyone point us in the direction of any threads that might help?

I Based on the documentation it looks like we need to take the user through an OAuth flow in order to get an access_token to use the api and get details down from the authorised user.

In our app the log-in will be entirely server-side with the user only providing an email and postcode and therefore an OAuth flow is not possible, do you have any way to get down a user token without using an OAuth flow?


(John Borelli) #2


OAuth is independent of your server side details. Although you would need to manage the refresh cycle on the server side, the rest is handled by Infusionsoft’s authentication servers. I have a video that covers all of this that might help.


(YPN Magazine) #3

We are unable to request access token.

We are using the article bellow to request access token.

This is the curl that we have compiled while following the article below: curl -X POST -d ‘client_id=w94tn6p7fjxsevasfxjrks9k&client_secret=HbGVdR8Mym&code=6u3ug9yrqqez23rggfxhxs6u&grant_type=authorization_code&’

We get this response: {"error":"invalid_grant","error_description":"Authorization code is invalid"}

When we try to give wrong grant_type (for example 123) the response is: "error": "unsupported_grant_type"

When we do not give any grant_type the response is: "error_description": "response_type or grant_type is required"

We are not sure how to resolve this problem, can you/someone please advise?

(also screenshot attached for reference)