Following the instructions in the documentation (the part sme for REST or XLM-RPC) I am using this command to retrieve my Access Token (I have successfully connected to my Developer App in IS and retrieved my code):
form action=“https://api.infusionsoft.com/token” method=“post”>
input type=“text” name=“client_id” id=“client_id” value=“MYID”>
input type=“text” name=“client_secret” ID=“client_secret” value=“MYSECRET”>
input type=“text” ID=“code” name=“code” value=“<? echo $_GET["code"]?>”>
input type=“text” name=“grant_type” value=“authorization_code”>
input type=“text” name=“redirect_uri2” id=“redirect_uri2” value=“MYURL”>
input type=“submit” name=“submit” id=“submit” value=“Submit”>
What I get is either a {error: 403} forbidden error)
IF I change the method from post to get (It clearly states it has to be post) I get an XML error:596 Service Not Found
provide a link to what docs you’re talking about because that doesn’t look like any documentation I’ve seen. Also, if you’re trying to get an access token then you’re using the wrong endpoint…let’s start with what docs you’re drawing off of though.
Thanks John. Those are great examples. My problem starts before that though - I cannot get an access token and I don’t know why. I get a 403 forbidden error. Infusionsoft has been helpful, but so far we’re all scratching our heads as to what the problem is.
Good catch on the redirect_uri2, Pav. I fixed that (to redirect_uri) after I posted the code.
Great point about the Redirect URL setup in my application account. It was NOT exactly the same as the value I was putting in the uri field. However, now when I try to retrieve my code (and sign in to get permission) instead it just signs me in to Infusionsoft- not as a developer but as a user.
I feel that I’m going backwards here. Signing in with my user credentials was how it authorized my code before, but trying it at that step with my developer credentials, now I get an error page:
his site can’t be reached
Okay, I experimented in what you are trying to do, but I was also getting the same failure when doing a Form POST as well. Using cURL I was able to get the Access / Refresh Tokens as normal.
Here is a copy of the code I used. First part is the Authorization using a Form Element. Second part uses cURL to process the Access Code and get the Tokens. Once you have authorized, it will go back to the script, do the cURL and return the Tokens.
Fill in the variables at the top for your application. You will need to deal in storing the Tokens, as the Access Token lasts for 24 hours, and the Refresh Token lasts for 6 months. You will need to refresh the Tokens after 24 hours. Some developers use Cron Jobs to refresh the tokens every 21 hours, or whatever you feel.
<?php
$client_id = "XXX"; // YOUR CLIENT ID
$client_secret = "XXX"; // YOUR CLIENT SECRET
$redirect_uri = "XXX"; // YOUR REDIRECT URL
?>
<html>
<head>
</head>
<body>
<h1>(1). Authorize</h1>
<form action="https://signin.infusionsoft.com/app/oauth/authorize" method="GET">
<input type="text" name="client_id" id="client_id" value="<?php echo $client_id; ?>">
<input type="text" name="response_type" value="code">
<input type="text" name="scope" value="full">
<input type="text" name="redirect_uri" id="redirect_uri" value="<?php echo $redirect_uri; ?>">
<input type="submit" name="submit" id="submit" value="Submit">
</form>
<h1>(2). Tokens</h1>
<?php
if(isset($_GET['code']))
{
// Setup the HTTP Header Content Type.
$headers = array('Content-Type: application/x-www-form-urlencoded');
// Setup the Fields we are going to post.
$fields = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'code' => $_GET['code'],
'grant_type' => 'authorization_code',
'redirect_uri' => $redirect_uri
);
// Setup cURL so that we can post the Authorization information.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.infusionsoft.com/token");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Execute cURL and get the result back.
$result = curl_exec($ch);
// Close the cURL connection.
curl_close($ch);
// Get and store the Tokens.
$response = json_decode($result);
print_r($response);
}
?>
</body>
</html>
Thanks, that is the string I got, with the Access Token and refresh token. It’s a shame that the IS documentation is so incomplete, because it assumes a lot, and I don’t know where to take it from here.
I want to follow up here on what happened with POST not working anymore. Per the OAuth 2.0 specification the Authorization request has to be a GET. It was working with a POST coincidentally due to how we bind data from the request. We recently updated some of our services that affect OAuth which included a move to a new domain for Account Central. We had our Load Balancer start to issue redirects to the new domain for all GET requests to the affected services. POSTs we obviously not redirected which was causing your issue. We are sorry for the inconvenience that it caused. Also on the documentation side of things we would love to hear where you struggled so we can improve the docs.