Infusionsoft API flow

Hello,

I have a workflow that I want to implement but currently I’m not sure how. I have two applications that integrate into infusionsoft but they are both using one client id and client secret. One of the applications (we’ll call it demo) has to stay constantly logged in so I logged in the first time, generated the access and refresh token, saved those to a database, and whenever I make a call from the front end I pull that information from the database for the infusionsoft calls. Now I’m making a new application (we will call it lite) that when a user clicks to authorize, they sign in with their own information, and using the same client id and client secret receive another access and refresh token then get redirected to another website (react front end) with their token information in the url that I parse to create their key. When they make an infusionsoft request I do a javascript post to the lite site and construct their key with the information that the react front end has. This doesn’t seem to be working and I was wondering if it is because each user can only have one access token and refresh token so since I’m authorizing for the demo site I can’t use another access token for the lite site, OR only one access and refresh token can be issued per application and I need to just pull that same information from the same database for the lite site? I know that’s complex but this is the best place I could think of to ask a question like this, any help would be really appreciated, thanks.

So your developer client id/secret identifies you as the requesting developer. The user’s oauth confirmation identifies them as the authorizing party. The token you get, therefor, represents the connection between you and their authorization. This means that if the same user with the same granted app access authorizes using your same credentials, then the former token will be in-validated when the new one is requested. It sounds like you may be encountering this very thing. My solution would be to setup a different set of dev credentials per application you create.

I had a feeling that was the case but I tried a different user for the authorization process which gave them a different set of access and refresh tokens and when I try to send those to my home.php page for constructing the infusionsoft->token it responds with a 500 internal server error. I’ve poured over the code and the error stops happening when I delete any infusionsoft related functions (in this case:
$contact = $infusionsoft->contacts()->findByEmail(“rnabeeh@infosol.com”, $selectedFields);
)

I tried doing an echo back to my react page to see what the infusionsoft object contains and it looks like this

frbszg558xgkrrpkbk7mekwyzpraqavqzad4b63bjrtc46nt1520637553{“needsEmptyKey”:true}

but the token looks right when I do an echo back it looks like this:

{“accessToken”:“frbszg558xgkrrpkbk7mekwy”,“refreshToken”:“zpraqavqzad4b63bjrtc46nt”,“endOfLife”:“1520637553”,“extraInfo”:{“token_type”:“bearer”,“scope”:“full|uv158.infusionsoft.com”}}

All this information used to construct the token were sent to the react page from the php page on authorization just for clarity. I hope all of this makes sense because currently I’m really not understanding the problem. Thanks again

You might need IS to look for you. I don’t believe a 500 error should be what you get if it was an actual authentication issue.

Yeah I’m not sure I’m understanding the issue properly because I checked to see if using the same information would work if I didn’t redirect to the react page and it did. Do I just talk to their support team for something like this?

Actually, scratch that I figured out the issue. It had to do with the way I was sending the information back to the php page. I appreciate the help if it doesn’t work for future queries then I definitely need to get some sort of in depth IS support or possibly some API experts, but again thanks this issue is currently resolved.

API is something I know very well especially with the IS api’s but if you have need then sometimes an IS employee can look at server records and such which might be helpful, however, general support would not be the contact. If you need to then we could probably ping the right person in here but also on some of the FB pages you’ll find help as well.