Grant Type Password
|
1 |
POST /token |
- Store the returned access_token to use to authenticate all other endpoint requests until the token expires. (3600 seconds)
- Store the returned refresh_token for the purpose of getting a new access_token after the access token expires.
- Use the access token for all non-authentication related requests as specified by documentation for endpoints you are using. Access tokens expire in 3600 seconds.
- To refresh a session, use the refresh token from the immediate prior session in a refresh request. When the refresh request is granted, the response contains another access token/refresh token pair.
The refresh token does not expire until a new initial access token request (a password or code grant type) or a refresh request occurs.
Password or Code grant types are limited to 5 authentication attempts per hour. Using the refresh token workflow avoids unneeded access token requests and prevents your application from reaching this limit.
Do not include password information in the URL of your request, but instead, include this in the request body.
Parameters
| Name | Parameter Type |
Allow Multiple |
Required/ Optional |
Data Type | Description |
|---|---|---|---|---|---|
| grant_type | x-www-form-urlencoded | False | Required | string | The value must be 'password'. |
| username | x-www-form-urlencoded | False | Required | string | The email address of a user in the Act-On account you are trying to access. Any special characters in the email address (besides '@') must be URL encoded. |
| password | x-www-form-urlencoded | False | Required | string | The password associated with the username. |
| client_id | x-www-form-urlencoded | False | Required | string | The Client ID you received in your welcome email. |
| client_secret | x-www-form-urlencoded | False | Required | string | The Client Secret you received in your welcome email. |
Unlike most other endpoints, the URL for the authentication request does not have /api/1/ in the URL path. The token endpoint URL is just: https://restapi.actonsoftware.com/token.
Request
|
1 2 3 4 5 6 |
POST /token HTTP/1.1 Host: restapi.actonsoftware.com Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded grant_type=password&username=email%40company.com&password=<your_password>&client_id=<your_clientid>&client_secret=< your_client_secret > |
Response
|
1 2 3 4 5 |
{"access_token":"f5652dc1-a5a6-98b6-8386-24f12fffeeff", "refresh_token":"a0569e19-j2ac-3ci1-81b1-684a7fffeeff", "scope":"default", "token_type":"Bearer", "expires_in":3600} |
Code Examples
|
1 |
curl -X POST https://restapi.actonsoftware.com/token -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=password&username=kyle.ansted%40act-on.com&password=fakepassword&client_id=yizQWb7d77upUEULhdC5CwoJiA4k&client_secret=3NYYsZLfhnTERLRibApvUrI9d3Ye' |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
var request = require("request"); var options = { method: 'POST', url: 'https://restapi.actonsoftware.com/token', form: { grant_type: 'password', username: 'kyle.ansted+ci201@act-on.net', password: 'temp4736', client_id: 'XgQQEaINQMa1ptlnKgyfSx49fD8a', client_secret: 'oCszod1mZaMjTtNWFrvlNh8I0aEa' } }; request(options, function (error, response, body) { if (error) throw new Error(error); console.log(body); }); |
Refreshing Authentication
After the initial authentication, you’ll need to use the Refresh grant type to get a new access token before the current ones hour-long lifespan expires.
