Can I get my web site to programmatically log in to obtain API Token/RefreshToken?

Hi everyone,
I have an issue where my web site makes use of the KEAP API to add customers to our KEAP account etc. From time to time the web site loses it’s API access (I have no idea why, it just drops it from time to time). Under normal circumstance I have a token-refresh routine running. If that routine fails, I am left having to manually login to KEAP to re-obtain a token/refreshtoken.

Can this manual login be done programmatically? I would much rather that the site itself is able to handle this as the need for human intervention (every time this happens) causes issues.

I have searched the Q&A for this topic (although not extensively) and have not found anything that relates to website use (it’s mainly phone-app related).

Thanks in advance.


Hi Cliff,

I think the question here is, how are you renewing the Access Token?

Here is information about renewing the Access Token: Making OAuth Requests Without User Authorization - Keap Developer Portal

Cron Jobs are the best way to renew them, otherwise you could end up with race conditions if the token renewal script is ran multiple times.

Thank for your reply. I am renewing the token via a cron job - so that side of things is covered. I have not been able to ascertain why that fails from time to time, however, when it does fail, I would like to be able to re-obtain the info without the need for human intervention.

I have set up logging in the hopes that I’ll find out why/how it’s failing.

Is it at all possible to have the web site re-generate that token/refresh token, if they are lost at some stage?


One scenario I can think of as to why the token refresh routine might be failing (I may be wrong) is that the last time this occurred, the user who’s credentials I’d used to obtain the token/refreshtoken had to change his password. I am not sure if the system is built in this way or not, but perhaps the user’s login needing a password reset then reset the token that was generated under his account? I have no idea, pure speculation.

If I am right, then this will happen from time to time as for some reason he’s being forced to change his password every 3 months or so.

I am open to this being totally wrong. I am just trying to figure out why, when I have successfully refreshed the token numerous times, that one day it comes back saying “invalid access token”.

1 Like

Interesting thought you had there. I wonder if that applies to other OAuth integrations.

I have seen forum posts in the past where developers have mentioned that their integration just mysteriously broke and they had to authorise the connection again. I wonder if changing the password would have this caused this or not. Or on the odd chance some glitch occurs during the renewal process.

You are doing the right thing in running a Cron Job in renewing the token. I presume you are saving both the Access and Refresh Tokens each time? Just wondering if a fallback measure is needed in which when you get the new Access Token you run a test to see if it works, if not then run the Refresh Token process again.

As a suggestion set up a session with your colleague to perform a User Password Reset and see if your integration carries on working on not.

@TomScott - You are the best person to answer this, would resetting the User Password alter the Token behaviour?

Thanks very much for getting back to me, Pav. I have (of course) not had a problem with it failing since I re-obtained the token and refresh last week. However, I have set up an email notification to inform me if it fails again.

Regarding your question, yes, I am saving both token and refresh token each time.

I don’t want to perform a password reset at the moment but when my colleague’s password needs resetting I will monitor it at that stage and come back to you. There’s a bit of traffic going through the system and I don’t want to risk it for now.

Thanks again!


P.S. Your ‘fallback’ suggestion is not a bad idea.