Infusionsoft OAuth scope & API monitoring

Hi there,

We gave access to some third-party applications to our Infusionsoft instance. They authenticate via OAuth and as per my understanding they get full access (given that the only value for the OAuth scope supported by Infusionsoft is “full”). So my first question is about controlling the scope… Is there a way to control what third-party applications can access? It seems a bit insecure to give full read/write access by default to any apps that are authorised to access our Infusionsoft instance.
On top of that, I’m quite keen to understand what the current mechanisms are to monitor API calls made by those applications so that we can track what has been accessed/modified and by whom. Is there anything in place in Infusionsoft to log API interactions (e.g. audit log, event log…)?

Thanks for your answer.

Max

As we transition from our Classic data model to more current offerings we are looking at making scope of requested permissions more granular, but at the moment the authorization is the same as whoever is authenticating the request. We do have ways to examine calls on our end, which we use to identify and action against bad actors, but do not provide call auditing at this time as a service.


Thanks Tom for your answer.