Grant Type Code

Prerequisites

The default setting for the code grant callback URL is http://localhost. If you would like to change this, please email the API Support team at api@act-on.com with the URL you would like to use.

How It Works

The Code grant allows users to authorize your application to connect to their Act-On account, and does not require you to store their username and password in your application. Instead, they will be redirected to a page that requests an authorization from them. When they respond by clicking Authorize App and logging in, a one-time code will be generated for them and sent to your callback URL. Your application will then use that code as one of the parameters for the /token endpoint call.

Step 1: User Authorization

Use the following URL to send users to the authentication page:

GET https://restapi.actonsoftware.com/authorize?scope=PRODUCTION&response_type=code&client_id={{client_id}}&state={{optional}}

1	GET https://restapi.actonsoftware.com/authorize?scope=PRODUCTION&response_type=code&client_id={{client_id}}&state={{optional}}

The "state" parameter is optional and will be passed along to your callback URL. This allows for session tracking.

Step 2: Callback URL and Code

The response containing the grant code is sent to your callback URL. The default setting for the callback is http://localhost. If you would like to change this, please email the API Support team at api@act-on.com with the URL you would like to use.

A response will look like the following:

http://localhost/?code=db5b2d1d7c569c6ef8166267ffffff

1	http://localhost/?code=db5b2d1d7c569c6ef8166267ffffff

Step 3: Request Access Token

POST the code from the above response to the token endpoint to obtain session access and refresh tokens:

https://restapi.actonsoftware.com/token

1	https://restapi.actonsoftware.com/token

Parameters

Name	Parameter Type	Allow Multiple	Required/ Optional	Data Type	Description
grant_type	query	False	Required	string	Value must be 'authorization_code'.
code	query	False	Required	string	Value from callback URL code parameter
client_id	query	False	Required	string	Your client ID.
client_secret	query	False	Required	string	Your Client Secret.
redirect_uri	query	False	Required	string	Obsoleted but required. Can be any URL encoded string. e.g. "redirecturi"

Request

HTTP

NOTE: replace the placeholder text in brackets with your code, client ID and client secret.

POST /token HTTP/1.1
Host: restapi.actonsoftware.com
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=redirecturi

POST /token HTTP/1.1

Host: restapi.actonsoftware.com

Cache-Control: no-cache

Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=redirecturi

cURL

NOTE: replace the placeholder text in brackets with your code, client ID and client secret.

curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=redirecturi' https://restapi.actonsoftware.com/token

1	curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&code=<AUTHORIZATION CODE>&client_id=<CLIENT ID>&client_secret=<CLIENT SECRET>&redirect_uri=redirecturi' https://restapi.actonsoftware.com/token

Response

{
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"6d84dba1e8b55d795983af10abffffff"
,"access_token":"ec96c219f477cb695644498ffffff"
}

{

"token_type":"bearer",

"expires_in":3600,

"refresh_token":"6d84dba1e8b55d795983af10abffffff"

,"access_token":"ec96c219f477cb695644498ffffff"

}