Adding contacts and requesting access token

Hi all,

I’m a Developer trying to test out InfusionSoft using a sandbox account.
My use case is when a User register on our site, our backend will automatically call one of InfusionSoft API and add it to my InfusionSoft Contacts.

Initially I wanted to use this API call:
[POST] https://api.infusionsoft.com/crm/rest/v1/contacts

But then I realized it only accepts access token.
So I had to request the token first, so I did:
[POST] https://api.infusionsoft.com/token
with params
client_id
client_secret
code
grant_type
redirect_url

I called the using Postman, and it returns 403 CORS denied.
I wonder if anybody can shed some light on what I did wrong.

the end result ideally, we will store the access token and its expiry, if its expired then we request it again and then do the contacts addition

Edit:
I only put client_id and client_secret,
the rest of the parameters I put in as null or an empty string,
I tested grant_type as null/empty string or a string with “grant_type=authorization_code” or “authorization_code”

I’ve never gotten this to work with Postman (same issue). Have you tried just running the code from a server as a test (which usually works for me).

Hi @Thompson_Sanjoto, if you are receiving a 403 CORS Denied error, you’re most likely using the browser version of Postman. If you go here and download the standalone application, you should be able to request a token.

Seems like downloading the Postman app did solve the 403 CORDS denied error.

Now I got ‘error’:‘invalid client’ instead.

I’m guessing I need to have to establish
OAuth2 Authentication first before getting the access token.

Try taking a look at our OAuth2 Authentication page. It explains the steps for authorizing, getting a token, and refreshing a token.

Have you setup an account on keys.developer.infusionsoft.com yet?

Yes, I setup an sandbox account. I got the email redirecting to https://keys.developer.infusionsoft.com/apps/mykeys

I just need to setup the oAuth credentials first before getting the token. As Nicholas mentioned to follow that page.