Integrate APIs from backend services

I have a problem in accessing APIs from our backend services. Since I want to access APIs from our backend services only, I don’t want to sign-in and then authorize, generate token, and then access API (as mentioned in this link https://developer.infusionsoft.com/authentication/#request-permission) and it is not possible to give redirect-url too . Is there any direct process?

I created passphrase and got the encrypted key as described in this link too.
(https://help.infusionsoft.com/userguides/get-started/tips-and-tricks/api-key )

But I don’t know how to use that key with the API request. I tried it as the access_token, but it didn’t work. For an example, let’s say i want to get the product list. Then the URL will be for the GET Request is as follows.
https://api.infusionsoft.com/crm/rest/v1/products/search?active=true&access_token=xxxxxxxxxxxxxxxxxxxx

Please help me to access your APIs. And I’m using C# .net.

Thanks in advance.

Not sure about the redirect part, but maybe my vid on it might provide some insight:

Thanks John_Borelli for your reply.

I watched your video. I know the OAuth flow for the authentication. But I cant use the given flow in my backend services because mine is just a REST API. Inside my API, I want to access Infusionsoft APIs and get the product list. Therefore sign-in to Infusionsoft, and redirect with a code, again get the token and so on is not possible. There is no UI part here. Hope you understand my point.

Hi, @Chalani_Peiris,

So I don’t know all the details of your project though I’ve built out many endpoints myself. I’ve found two prevailing models.

One, where I had a product to offer and the endpoints were supportive of that product. In this case, the product had it’s own authentication page and process that the subscribing customer would have to authorize a single time and then it would be all managed behind the scenes from then on out.

The other was access provided to us as a company that I manually set the authentication based on our own access credentials and again, it was managed behind the scenes from then moving forward.

So, without having more detail, I’m guessing that you’re saying that neither of those models fit what you are doing?

Note, that there is a legacy api key method but that is promised to be discontinued in use. Using the api key method, while SSO in implementation, runs a certainty of things breaking in the future.

Hi @Chalani_Peiris, there is a way to generate an access and refresh token without going through the OAuth flow. If you go to https://accounts.infusionsoft.com, there will be an “API Access” link next to each of your Infusionsoft accounts. Click on that link, enter your client id and secret from here, and an access and refresh token will be generated.

Edit: I would also recommend putting the access token in the auth header rather than as a url parameter. See the “Making Requests” section of the REST documentation for more info.

Hi Nicholas_Trecina,
Thanks for your reply. This time it worked. I tried this before but didn’t work. But I generated again and tried. It is working now.

One more thing, is this access token expiring? Is there a expiry time for this generated access token for the APIs?

Thanks

Access tokens expire every 24 hours. The refresh token obtained with access tokens are what normally are used to refresh the auth and you get a new set of tokens at that time to continue the cycle.

If you manually get the access token then code can run the refresh cycle to get the pair together. You would then store them with the expiration date/time and call the refresh before expiration then store the new ones.

Thanks for the reply.
What about the “refresh token”, is there an expiry time for refresh token as well?

Last I was told, the refresh token expires in 90 days.

Ok. Thanks a lot.