Grant-Type Password

Grant Type Password will return two important items.

access_token - Store the returned access token in your application to authenticate the other endpoint requests. The access token expires after 3600 seconds.
refresh_token - Password or Code grant types are limited to 5 authentication attempts per hour. Using the refresh token workflow avoids unneeded access token requests and prevents your application from reaching this limit. The refresh token expires when a new token request is made with the same credentials via any of the Grant Type calls or after one month.

ParameterParameter TypeData TypeDescription
grant_typex-www-form-urlencodedstringMust be set to 'password'
client_idx-www-form-urlencodedstringThe Client ID found in your Act-On account.
client_secretx-www-form-urlencodedstringThe Client Secret found in your Act-On account.
usernamex-www-form-urlencodedstringThe username for the Act-On account you wish to authenticate to
passwordx-www-form-urlencodedstringThe password that pairs with that username


curl --location '' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode '[email protected]' \
--data-urlencode 'password=example' \
--data-urlencode 'client_id=jdaf823jsjsfd731jn' \
--data-urlencode 'client_secret=lsdfljsf873r92nlwhfy7eihwifhji74'


   "expires_in": 3600