Request API Access token from csharp backend

Brian_Woosley · June 25, 2019, 8:21pm

I am developing an app (backside) in csharp to send emails using your API.
I am following this example https://github.com/EventDay/Infusionsoft.net, and using the OAuth process. I can create contacts, opt in, and send emails using my application name and access token, but that token is generated manually from infusionsoft admin page.
So, what I want to know is how to generate that token from the code using a call to the API, I have this piece of code:

    private static void getAccess()
    {
        
        var client = new RestClient("https://api.infusionsoft.com/token");
        var request = new RestRequest(Method.POST);
        request.AddHeader("cache-control", "no-cache");
        request.AddHeader("content-type", "application/x-www-form-urlencoded");
        request.AddParameter("application/x-www-form-urlencoded", "grant_type=client_credentials&client_id=xxxx&client_secret=xxxxx&code=1&redirect_uri=www.empowr.com", ParameterType.RequestBody);
        IRestResponse response = client.Execute(request);
    }

But I have not been able to retrieve correctly the access token, and then use that token in the refresh token process to always be connected.
So, could you help me to retrieve and refresh my access to the API?

Note. This process must be transparent to the users, they do not need to interact with app since it is a backend tool.

Thanks in advance,
Miguel

John_Borelli · June 25, 2019, 8:44pm

others have used the HttpClient class to reach the rest endpoint, capture the return and then use that same approach to get the access/refresh tokens with the auth token

Brian_Woosley · June 25, 2019, 10:05pm

Do you have an example of that class that you can share to me, please?

Brian_Woosley · June 25, 2019, 10:16pm

And another question related to this issue, do I need to specify redirection uri? it is because I will not redirect the app after retrieving the application access token.
Or how do I need to specify that parameter in the post?

John_Borelli · June 25, 2019, 11:40pm

The redirect URI is so you can capture the token…if you use the method mentioned then you might still need to use it. You have to capture the auth token and then use that to capture the access/refresh tokens so the redirect URI is for the middle of that process.

Brian_Woosley · June 26, 2019, 7:40pm

I have been testing with this example in php Cannot retrieve my Access Token, but I have not been able to receive my access token. According to https://developer.infusionsoft.com/get-started/ , is it a must to have a sandbox account? since I have not created it.

Brian_Woosley · June 26, 2019, 8:29pm

I used this code in csharp to make the call, but I receive this error message: “The underlying connection was closed: An unexpected error occurred on a send.”
According to the example sent in the previous comment, there, first a request authorization is done, but it is done in the web server, and since the user will not interact with my tool, I am avoiding that step and I am only trying to request the access and refresh token by using a post. Is it correct to do it in this way?

Thanks for your help.

        // Create a request using a URL that can receive a post. 
        WebRequest request = WebRequest.Create("https://api.infusionsoft.com/token");
        // Set the Method property of the request to POST.
        request.Method = "POST";
        // Create POST data and convert it to a byte array. 
        string postData = "grant_type=authorization_code&client_id=xxx&client_secret=xxx&code=u76adkx8q9j9zz6g7jtcaxzy&redirect_uri=http://www.empowr.com"; 
        byte[] byteArray = Encoding.UTF8.GetBytes(postData);
        // Set the ContentType property of the WebRequest.
        request.ContentType = "application/x-www-form-urlencoded";
        // Set the ContentLength property of the WebRequest.
        request.ContentLength = byteArray.Length;
        // Get the request stream.
        Stream dataStream = request.GetRequestStream();
        // Write the data to the request stream.
        dataStream.Write(byteArray, 0, byteArray.Length);
        // Close the Stream object.
        dataStream.Close();
        // Get the response.
        WebResponse response = request.GetResponse();
        // Display the status.
        Console.WriteLine(((HttpWebResponse)response).StatusDescription);
        // Get the stream containing content returned by the server.
        dataStream = response.GetResponseStream();
        // Open the stream using a StreamReader for easy access.
        StreamReader reader = new StreamReader(dataStream);
        // Read the content.
        string responseFromServer = reader.ReadToEnd();
        // Display the content.
        Console.WriteLine(responseFromServer);
        // Clean up the streams.
        reader.Close();
        dataStream.Close();
        response.Close();

Brian_Woosley · June 27, 2019, 3:28pm

I am using OAuth since legacyAuth does not work anymore for new applications.

Pav · June 27, 2019, 4:36pm

Hi Brian, are you saying that the “Admin - Settings - Application - API” section is no longer available?

Brian_Woosley · June 27, 2019, 4:47pm

Hi, yes it is available and I can access it. I enter my API Passphrase, and then I can see my Encrypted Key.
but when I use it in Csharp method it does not work.

    private static void LegacyAuth()
    {
        const string application = "af701";
        const string apiKey = "xxxxxxxxxxxxxx"; 

        var vendor = new Vendor(apiKey);

        var client = vendor.Connect(application, "b@email.com", "pass");

}

Brian_Woosley · June 27, 2019, 4:51pm

and in the documentation you can find: The Infusionsoft API uses a fairly standard implementation of OAuth 2.0 in order to provide authentication to all API endpoints. In the past, the Infusionsoft API has relied on a simple token based system; while those tokens will remain active until some date in the future for the XML-RPC API, any new implementations and all requests to the REST API will be required to use OAuth 2.0

Pav · June 27, 2019, 5:07pm

We do not get many C# questions, but we can see if we can help you out here.

First off, what version of Windows Server are you using here? Is it TLS v1.2 compatible?

If you are having issues with both OAuth and the Legacy Key, then something is differently not connecting properly here. I cannot comment on the SDK you are using there, but it does seem a long time since it was updated. Although the legacy part would work today.

In regards to the documentation there is several things to say about that. Every week there is at least a developer who comes to the forum having problems with OAuth. OAuth is actually a specification, but unfortunately there is dozens of variations of how the tokens are dealt with. Not every one is consistent. What they say is “fairly standard” is open to debate.

Infusionsoft API has been running for about 13 years now, which was built on the XML-RPC protocol. Infusionsoft introduced REST as a replacement, but unfortunately it is still incomplete. Depending on what you are developing your script could use all REST API functionality. But there is some gaps, which means you would have to use the XML-RPC protocol instead. Then you have two different things in use.

The other question here is, would you be maintaining the script in the future?

Brian_Woosley · June 27, 2019, 6:13pm

I am using Win10 Pro and visual studio 2015.
I can connect the example included here https://github.com/EventDay/Infusionsoft.net to the API, through OAuth but managing my credentials manually, ie, application name and accessToken. It works and I can send emails. But I want to retrieve that token automatically. Then, following the process to aunthenticate for infusionsoft is as described here https://developer.infusionsoft.com/docs/xml-rpc/#authentication, however I omit the Request Permission, since the user won’t interact with the tool, I am only working in the Request an Access Token and Refresh Access Token. Do I am doing it correctly?

And yes, the idea is to migrate our process of sending emails by using your API.

Pav · June 27, 2019, 6:49pm

Double checking here, is this a Desktop application or a Server application?

Brian_Woosley · June 27, 2019, 6:53pm

It is a windows service.

Pav · June 27, 2019, 7:05pm

I am taking a guess here, but is the Window Service being protected by Windows Security? Does it need specific privileges so that it can communicate to a website?

Could your Firewall be blocking the communication?

Brian_Woosley · June 27, 2019, 7:08pm

Before putting as a service I am testing it as a desktop app. It is not blocked since I can send emails using your api with an api access retrieved manually.
I have tested the post process with other sites and I can receive the result of it.

Pav · June 27, 2019, 7:27pm

Due to the nature of this, you will have to do an initial manual set of the tokens.
You can generate the Tokens via Infusionsoft via the account is connected.
Then you will have to input those Tokens into your service.

Then it needs to refresh every 20 or so hours as the Access Token will expire within 24 hours.
The Refresh Token will last for several months. But when you refresh the tokens, you will get new Access and Refresh Tokens.

The only issue is that if you get an issue with the tokens, then you will have to go through the manual process again.

Brian_Woosley · June 27, 2019, 8:03pm

Great, I can obtain my access and refresh token manually, so I will try to refresh that token through a post to your API.

Pav · June 27, 2019, 8:10pm

For your reference (bottom part): https://help.infusionsoft.com/help/oauth-authentication

PS: I do not work for Infusionsoft, I just help out in the forums.