Subscribe to contact.added event using Rest hook (for private app)


(Sam Brody) #1

Hey there. I am a recent Pipedrive transplant. In Pipedrive, we subscribed to all new leads coming in and then used the lead contact info in a private app for our company.

From what i understand, for me in order to start subscribing to rest hooks in IS, i need to register our end point first and i need to be a verified developer.

I have a client id and secret, and a developer account. When i try retrieving available hooks for example, it still says “developer inactive”. How do i become an active developer?

Then next, how do i register a new endpoint? I found this in the docs but w/o code examples.
https://developer.infusionsoft.com/docs/rest/#!/Authentication/permission

Does anyone have the code for this (pref in curl?)

Thank you so much!!


(Pav) #2

Check out my code at this link here:

It will allow you to get the Authorisation Code, in which in turn will get the initial Access and Refresh Tokens. Once you have those tokens you will need to store them and deal with them as the Access Token expires after 24 hours.

I wrote this a few weeks ago on how you can verify the REST Hook.

Once you have done all that setup your REST Hook will work. I believe there is now a 5 minute delay when a REST Hook gets triggered.


(John Borelli) #3

@Sam_Brody,

The process of obtaining access/refresh token pairs initially do not lend itself to using curl. The reason is that it requires user action on an infusionsoft app allow/deny page so that the user may authorize only the app they wish to give access to.

Using your client id/secret pair, you must request an authorization token. The authorization token is what is required to request access to the allow/deny page that the user must use to authorize a specific infusionsoft app. The authorization token usually only has a time to live something close to 5 minutes. If they select one of their apps that their login has access to and click ‘allow’, then Infusionsoft sends a JSON string containing time to live, access token, refresh token and access type (always set to full at this time). You would then need to store the tokens for later refresh (before the access token expires in 24 hours) using the refresh token (which expires in 90 days). When requesting refresh, and upon success, you will get a completely new pair of access and refresh tokens and should store them for later use as before. The previously stored set will then be invalid from that point forward.

Hope that clears up the process.


(Mike Christianson) #4

@Sam_Brody If you mean create a Hook Subscription, then you would POST to /crm/rest/v1/hooks. Be sure to read that documentation and if you need some more background, check out RESTHooks.org.


(Sam Brody) #5

So i understand:

Step 1: User signs in at https://signin.infusionsoft.com/app/oauth/authorize?client_id=[client_id] with [username], and [password] and infusionsoft server grants that user permissions attached to a code. User saves off [code] in storage.

Step 2: User asks for an auth token, posting to https://api.infusionsoft.com/token with [client id] and [code] in post body, which returns user an access token and a refresh token. User saves off [access_token] in storage.

Step 3: User attaches [access_token] on all api request.

since i’m not building a web app that is browser based, is there a way i can pass username and password on an auth route instead to grant permission?


(John Borelli) #6

That’s the whole point to the answer given. They do not want people pragmatically authorizing apps for IS app users. No, this cannot be done. You have to either manually authorize to start the process and then maintain the refreshed state or provide an interface to allow users to initiate the process.


(Sam Brody) #7

thank you, that was not clear to me somehow…so the only option is to manually sign in and then fetching that refresh token every 90 days (i believe thats what i read about the ttl somewhere). :smiley: hm


(John Borelli) #8

using the refresh token every 24 hours…it may be good for 90 days but the access token is not. What you get back will be a NEW SET of tokens…the others will no longer be usable.


(Sam Brody) #9

thank you everyone! i’ve actually found a super quick work around! If you’re not looking for a full blown integration / don’t want to deal with sign in + refreshing tokens: Zapier is integrated with Infusionsoft and they let you create a custom webhook. So every time a new opportunity is added to my Infusionsoft account it triggers a post to my app. Takes 1 minute to set up!