I am struggling to find any good examples of how to get an access token and refresh token without having a user login. Does anyone have a simple Python script that can use the client id and secret to get the access tokens???
1 Like
The client id and secret, together with a user logging in, is what authenticates, and generates your initial access token and refresh token.
The access token is then valid for 24 hours. After it expires, the access token can no longer be used.
The refresh token, provided it’s valid, can be used to generate a new access token and refresh token while the old refresh token is made invalid.
I’m not sure how long refresh tokens are valid, maybe weeks or months??
When a new access token is generated through a refresh token, this doesn’t require a user to login.
You only need to authenticate the first time.
In theory the new refresh token can be used to generate a new access and refresh token over and over again until the end of time. But if something changes, or if there’s an internet connectivity issue, and error, etc, where the new refresh token isn’t stored, and you’re stuck with the old one, then you’d need to re-authenticate by having a user log in and authenticate to generate your initial access token and refresh token all over again.
There’s info on the REST api here:
https://developer.infusionsoft.com/docs/rest/#!/Account_Info/getAccountProfileUsingGET
You can also authenticate on the page there and then get to work testing various endpoints with the authenticated access token.
This page covers the general overview of how this would work:
https://developer.infusionsoft.com/tutorials/making-oauth-requests-without-user-authorization/#introduction
I haven’t worked with the infusionsoft api through Python before, but I have a strong knowledge of how it works as far as PHP goes.
This Python library looks promising and what I’d recommend for Python:
You might also try posting through Postman to see how using a refresh token works.
Then write the Python for it.
Thank you for the detailed information. The user in the case of my integration project will never be logging in. It will be me logging in for them and getting the tokens. I used the test API links provided via Keap to get an access token but I could not see a refresh token. Is there a simple way to login as the user and retrieve both the access and refresh tokens? I tried the F12 developer mode in Google Chrome but could not figure out where the refresh token would be stored.
A simple way would be to open up your JavaScript console (assuming Chrome) and open up the network tab.
Keep it open while authenticating.
Then once you authenticate, find the XHR request in the network tab and click it, then check the response.
It should show you the accessToken and refreshToken.
This is a simple way to do it without having to write any code to generate an accessToken and refreshToken.
Not sure I understand because oauth is designed for the purpose of providing a way to manage access by login credentials and limit rights per user. In the case of Keap, you have to have this because a single login can have access to multiple accounts.
Now, you only have to ask for the login once and if that’s the part that is bothering you (ie you think they constantly have to login) then that’s not true…but, you do have to manage refresh tokens. I have a video on doing this but it’s in PHP, still it goes over the concepts and should help some.
