Menu
I am using InfusionSoft's API to save the contents of a form that is filled out on a website. The API uses OAuth, and from what I can tell there isn't a way to have a life-long session.
The way the OAuth appears to work is that it is designed for a user to login if their session has expired, just like logging into a website. This obviously isn't suitable for an API, but I'm sure this isn't an unusual requirement.
I have an initial token, but after that expires, what then? The only thing I can think of is to have a cron job that runs hourly to refresh the access token (there is a 'refreshAccessToken' method).
780
OAuth depends on Session management In order to show this dependency, let's examine the different ways two apps can communicate with each other using the Authorisation code grant flow[2].
The other way to make an API call with an access token is to add it to the request header. If using curl (a command line program that can be used for running API requests) you would specify the access token like this. Notice that the access_token is not in the URL at all. See the example on the API documentation site.
You need to store both the Access Token (short term - it is live for 24 hours) and the Refresh Token (long term).
You will only need to call the refreshAccessToken method at the start of each session. That method will return both a new Access Token and a new Refresh Token.
Use the new Access Token for the current "session" when making API requests. The Access Token will be valid for 24 hours (this changes from time to time).
Store the new Refresh Token and use it again for your next session.
165
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
