I’ve just built a Wordpress plugin which communicates to the Infusionsoft REST API. In the plugin settings, I provided a link to a URL generated by the REST API PHP SDK:
The idea is, initially, a human user has to follow that link and log in. The client_id parameter in the URL gives away what Infusionsoft app the link relates to… (and so what Infusionsoft installation/account?)… and on successful authentication, Infusionsoft sends a token to the URL passed in the redirect_url parameter in the link. Then, my code uses that token to get a longer-lasting (~24 hours) access token which my plugin can use to make API requests.
I’ve also got a scheduled cron task which makes my plugin code check whether its 24-hour access token is close to expiring, and if it is, to renew it via an automatic API call.
So a human being needs to log in once, but after that, my plugin code can keep its access token fresh and active (for 3 weeks straight so far) without any more human intervention. If the token expires, I’ve programmed the plugin to email a support email address with a link to the plugin options page, so a support agent can fix the problem by logging into Infusionsoft again.
I’ve read posts suggesting there might be an all-automatic way to do this, but I haven’t figured out whether and how that’s possible. So far, Human-once-then-automatic seems to be working acceptably well.
Hope that helps…