InfusionSoft legacy xml-rpc API access token expiring frequently

(Sohail Iqbal) #1

I am working with the leagacy xml-rpc API of InfusionSoft to just update a few contact details of a contact like email and opt-out reason etc.

I am using google apps script to achieve that as the data with contact-id is available there as a list. Though, it is part of a larger project where these contacts are being retrieved from other sources.

I often see that I get a response 401 (Not Authorized) message in response to the requests being made. It requires regenerating the access token to get those requests through.

Is there any way, to have never-expiring token or some maximum time limit for that? as the client needs to regenerate token often to get that data updated.

The script needs to run daily for all new contacts available on the list, and no other direct user activity is involved.

I am sharing the sample code, retrieving contact details and that works fine when new token is generated the same day.

function infusionTry()
  var KEY = APIKEY;
  var url = "" + INF_TOKEN;
  var payload = HtmlService.createTemplateFromFile("ReqData").getRawContent();
  payload = payload.replace("{privateKey}",KEY);
  payload = payload.replace("{contactIDNumber}",666486);
  var params = {
    method: "post",
    contentType : "application/xml",
    payload : payload,    
    muteHttpExceptions: true
  var resp = UrlFetchApp.fetch(url, params);


(John Borelli) #2


The access token is only good for 24 hours. When you get it there is also a refresh token provided with it. You must, prior to the access token expiring, use the refresh token to get a NEW SET of access/refresh tokens. The old access token will then be invalid and the new access and refresh tokens must be the ones to use. Most developers are using a backend database with a job service like CRON to manage this more transparently.

(Sohail Iqbal) #3

Thanks @John_Borelli,

I can’t seem to find the refresh token being offered by infusionsoft on their developer site. The client has sent me the attached snapshot where only key and secret (token) is shown but no refresh token. Is it offered at some other place? or I have to use the oauth flow where client is required to login to infusionsoft?

Please keep in mind, I am talking about the legacy API.

(John Borelli) #4

You don’t find it there. When you get your access token a refresh token is also returned with it.