Limited to 5 authentication attempts per hour

Grant Type Code requests are disabled by default for new developer accounts. If you would like to enable this option, please contact Act-On Support with the callback URL you would like to use.

The grant type code method allows users to authorize your application to connect to their Act-On account and does not require you to store their username and password in your application.

Instead, they will be redirected to a login page (noted below) which requests authorization. Once granted, the page will redirect to your callback URL with the code appended to the URL. Your application can then use this code to request an access_token and refresh_token.

Base URL: https://api.actonsoftware.com/authorize

Parameter	Parameter Type	Data Type	Value
scope	query	string	`PRODUCTION`
response_type	query	string	`code`
grant_type	query	string	`authorization_code`
client_id	query	string	The Client ID found in your Act-On account.
client_secret	query	string	The Client Secret found in your Act-On account.
redirect_uri	query	string	The value must contain the redirect URL you set with Act-On Support.

Example

The following example URL will send users to the authentication page:

https://api.actonsoftware.com/authorize?scope=PRODUCTION&response_type=code&grant_type=authorization_code&client_id=12345678-9abc-defg-hijk-lmnopqrs&client_secret=12345678-9abc-defg-hijk-lmnopqrs&redirect_uri=https://localhost

Once the user has signed in and allowed your application access, the response containing the grant code is sent to your callback URL.

https://localhost/?code=db5b2d1d7c569c6ef8166267ffffff

Your application will then use that code to request the access_token and refresh_token as shown below:

All values must be sent with content-type=x-www-form-urlencoded

curl --location 'https://api.actonsoftware.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id={client_id}' \
--data-urlencode 'client_secret={client_secret}' \
--data-urlencode 'code={code}'

Response

{ 
   "access_token":"12345678-9abc-defg-hijk-lmnopqrs",
   "refresh_token":"12345678-9abc-defg-hijk-lmnopqrs",
   "scope":"offline-access",
   "token_type":"Bearer",
   "expires_in": 3600
}