Limited to 5 authentication attempts per hour

Grant Type Code requests are disabled by default for new developer accounts. If you would like to enable this option, please contact Act-On Support with the callback URL you would like to use.

The grant type code method allows users to authorize your application to connect to their Act-On account and does not require you to store their username and password in your application.

Instead, they will be redirected to a login page (noted below) which requests authorization. Once granted, the page will redirect to your callback URL with the code appended to the URL. Your application can then use this code to request an access_token and refresh_token.

Base URL: https://api.actonsoftware.com/authorize

Example

The following example URL will send users to the authentication page:

https://api.actonsoftware.com/authorize?scope=PRODUCTION&response_type=code&grant_type=authorization_code&client_id=12345678-9abc-defg-hijk-lmnopqrs&client_secret=12345678-9abc-defg-hijk-lmnopqrs&redirect_uri=https://localhost

Once the user has signed in and allowed your application access, the response containing the grant code is sent to your callback URL.

https://localhost/?code=db5b2d1d7c569c6ef8166267ffffff

Your application will then use that code to request the access_token and refresh_token as shown below:

All values must be sent with content-type=x-www-form-urlencoded

curl --location 'https://api.actonsoftware.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id={client_id}' \
--data-urlencode 'client_secret={client_secret}' \
--data-urlencode 'code={code}'

Response

{ 
   "access_token":"12345678-9abc-defg-hijk-lmnopqrs",
   "refresh_token":"12345678-9abc-defg-hijk-lmnopqrs",
   "scope":"offline-access",
   "token_type":"Bearer",
   "expires_in": 3600
}