Grant Type Code
Prerequisites
The default setting for the code grant callback URL is http://localhost. If you would like to change this, please email the API Support team at api@act-on.com with the URL you would like to use.
How It Works
The Code grant allows users to authorize your application to connect to their Act-On account, and does not require you to store their username and password in your application. Instead, they will be redirected to a page that requests an authorization from them. When they respond by clicking Authorize App and logging in, a one-time code will be generated for them and sent to your callback URL. Your application will then use that code as one of the parameters for the /token endpoint call.
Step 1: User Authorization
Use the following URL to send users to the authentication page:
1 |
GET https://restapi.actonsoftware.com/authorize?scope=PRODUCTION&response_type=code&client_id={{client_id}}&state={{optional}} |
1 |
http://localhost/?code=db5b2d1d7c569c6ef8166267ffffff |
Step 3: Request Access Token
POST the code from the above response to the token endpoint to obtain session access and refresh tokens:
1 |
https://restapi.actonsoftware.com/token |
Parameters
Name | Parameter Type |
Allow Multiple |
Required/ Optional |
Data Type | Description |
---|---|---|---|---|---|
grant_type | query | False | Required | string | Value must be 'authorization_code'. |
code | query | False | Required | string | Value from callback URL code parameter |
client_id | query | False | Required | string | Your client ID. |
client_secret | query | False | Required | string | Your Client Secret. |
redirect_uri | query | False | Required | string | Obsoleted but required. Can be any URL encoded string. e.g. "redirecturi" |
Request
HTTP
NOTE: replace the placeholder text in brackets with your code, client ID and client secret.
1 2 3 4 5 6 |
POST /token HTTP/1.1 Host: restapi.actonsoftware.com Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=redirecturi |
cURL
NOTE: replace the placeholder text in brackets with your code, client ID and client secret.
1 |
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=redirecturi' https://restapi.actonsoftware.com/token |
Response
1 2 3 4 5 6 |
{ "token_type":"bearer", "expires_in":3600, "refresh_token":"6d84dba1e8b55d795983af10abffffff" ,"access_token":"ec96c219f477cb695644498ffffff" } |