OAuth2 vs. API Key


(Lynn Chin) #1

Hello,

I have a question regarding with authenticating infusionsoft API via OAuth 2.0 and API Key as I am not sure which method works best for my situation.

Let say I have an application that wants to pull some data out from a user account via infusionsoft API. I was thinking to follow the OAuth 2.0 flow. But there is one thing that confuses me.

Does that mean the application will require to request permission to interact with infusionsoft application all the time while the token is expired?

Can I store the access token in database, and when the token is expired (let say, in 3 days ago), I can re-use the most recent access token granted to request for a new token?

Updated: I just found this page which talks about this. However, I am still not too sure what it means with the last two points. (See highlighted in bold text below).

Please note that Refresh tokens are no longer able to be used if one of the following criteria happens:

  • The refresh token is used.
  • Permission is given for access to the same user on the same Infusionsoft application for the same developer application.
  • The refresh token is older then 180 days.

(Page Designer) #2
  • refresh token is used to get new refresh token and access token, if you used your refresh token to get new token use new refresh token for next call.
  • if same developer app is used to authenticate same IS app the previous token will be nullified/not usable.
  • refresh token will not work if its older than 180 days, the life span of refresh token is 180 days and access token 24 hours

(Lynn Chin) #3

refresh token will not work if its older than 180 days, the life span of refresh token is 180 days and access token 24 hours

I would like to know what will happen if the refresh token (greater than 180 days) and access token is expired? Does the application need to redirect the user to Infusionsoft in order to authorize your application for access again?


(Page Designer) #4

you have to re authorize the developer app otherwise API calls will not work