Grant Type Code

Prerequisites

As of July 2019, Grant Type Code requests are disabled by default for new developer accounts. If you would like to enable this option, please contact Act-On Support with the callback URL you would like to use.

How It Works

The Code grant allows users to authorize your application to connect to their Act-On account, and does not require you to store their username and password in your application. Instead, they will be redirected to a page that requests an authorization.

When they respond by clicking Authorize App and logging in, a one-time code will be generated for them and sent to your callback URL. Your application will then use that code as one of the parameters for the /token endpoint call.

Step 1: User Authorization

Use the following URL to send users to the authentication page:

GET https://restapi.actonsoftware.com/authorize?scope=PRODUCTION&response_type=code&client_id={{client_id}}&state={{optional}}&redirect_uri={{Your_Callback_URL}}

1	GET https://restapi.actonsoftware.com/authorize?scope=PRODUCTION&response_type=code&client_id={{client_id}}&state={{optional}}&redirect_uri={{Your_Callback_URL}}

The "state" parameter is optional and will be passed along to your callback URL. This allows for session tracking.

Step 2: Callback URL and Code

The response containing the grant code is sent to your callback URL. This must be provided to Act-On Support when they enable this method for your account.

A response will look like the following:

http://localhost/?code=db5b2d1d7c569c6ef8166267ffffff

1	http://localhost/?code=db5b2d1d7c569c6ef8166267ffffff

Step 3: Request Access Token

POST the code from the above response to the token endpoint to obtain session access and refresh tokens:

https://restapi.actonsoftware.com/token

1	https://restapi.actonsoftware.com/token

Parameters

Name	Parameter Type	Allow Multiple	Required/ Optional	Data Type	Description
grant_type	query	False	Required	string	Value must be 'authorization_code'.
code	query	False	Required	string	Value from callback URL code parameter
client_id	query	False	Required	string	Your client ID.
client_secret	query	False	Required	string	Your Client Secret.
redirect_uri	query	False	Required	string	Required. Must be a valid redirect URI.

Request

HTTP

NOTE: replace the placeholder text in brackets with your code, client ID and client secret.

POST /token HTTP/1.1
Host: restapi.actonsoftware.com
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=<REDIRECT URI>

POST /token HTTP/1.1

Host: restapi.actonsoftware.com

Cache-Control: no-cache

Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=<REDIRECT URI>

cURL

NOTE: replace the placeholder text in brackets with your code, client ID and client secret.

curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=<REDIRECT URI>' https://restapi.actonsoftware.com/token

1	curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=<REDIRECT URI>' https://restapi.actonsoftware.com/token

Response

{
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"6d84dba1e8b55d795983af10abffffff"
,"access_token":"ec96c219f477cb695644498ffffff"
}

{

"token_type":"bearer",

"expires_in":3600,

"refresh_token":"6d84dba1e8b55d795983af10abffffff"

,"access_token":"ec96c219f477cb695644498ffffff"

}