Accessing Contacts via REST from a service/daemon


(Himanshu Phirke) #1

I have to integrate a javascript (node.js) application which needs to query the contacts from Infusionsoft.

As I was looking, REST is recommended way, but it requires a user action which is redirected to Infusionsoft account.

Since the REST API’s are accessed via backend service/daemon, I cannot use Oauth authentication. How do I use REST API’s?

Or I have to follow something else?


(Bradley Booth) #2

It is a one time authorization. After that you can easily use the obtained access token and refresh tokens to do anything you need on the backend service.


Can I create and edit contacts using the rest api?
(Tom Scott) #3

Is your application for integrating with your own Infusionsoft account, or for a third party user?

If the former, you could follow the OAuth2 authentication pattern by hand (personally, I use Postman for testing) and retrieve your refresh token / access token, then it is just a matter of calling the token endpoint to refresh it regularly.

If you are building a third party user application however, then the flow should use the OAuth2 redirect pattern for an initial authentication, after which your return endpoint will be passed the refresh token / access token, and you can then persist them for programmatic refreshing and usage.


(Himanshu Phirke) #4

So you are saying I can authentic once and use that access Token and
refresh Token for it?


(Bradley Booth) #5

Correct. Access tokens are good for 24hrs and the refresh are good pretty much forever until they are used. Once it is used to get a new access token then you will receive a new refresh token along with it.


(Himanshu Phirke) #6

I would try that approach.
I am accessing using my own infusion soft account.

Well ifcmy account is disabled or deleted then I have to get a fresh
authentication via OAUTH using another account?


(Tom Scott) #7

In general, yes.


(Himanshu Phirke) #8

How did you get the code via OAUTH via Postman? I was getting ERR_403_CORS_ORIGIN_DENIED error and got the solution after reading:

Are you aware of any native clients which I use for testing? Reason I am asking it, I am not aware what infusion soft uses to differentiate browser based and non-browser based token requests


(Bradley Booth) #9

There is the browser version of Postman and the native version. Make sure you use the native version. The browser version enforces CORS.


(Himanshu Phirke) #10

I used Linux X64 native version and still received CORS error. That requires any adjustment on native client?


(Bradley Booth) #11

Under Authorization are you using OAuth 2.0? If you use Postman’s authorization stuff it should not send CORS headers. Check out these docs (the OAuth 2.0 section) and see if that helps.

https://www.getpostman.com/docs/postman/sending_api_requests/authorization