12

I am using InfusionSoft's API to save the contents of a form that is filled out on a website. The API uses OAuth, and from what I can tell there isn't a way to have a life-long session.

The way the OAuth appears to work is that it is designed for a user to log in if their session has expired, just like logging into a website. This obviously isn't suitable for an API, but I'm sure this isn't an unusual requirement.

I have an initial token, but after that expires, what then? The only thing I can think of is to have a cron job that runs hourly to refresh the access token (there is a 'refreshAccessToken' method).

silkfire
Mike
  • See maybe this site for some guidance: https://developer.infusionsoft.com/docs/read/Getting_Started_With_OAuth2 – silkfire Feb 25 '15 at 12:22
  • Yeah, that expects a user to be redirected to Infusion Soft to log in. It's a CRM, so the user would never have an account, instead they'd need to be added as a contact. The 'user' of Infusion Soft, and the user who logs in via OAuth, is the website itself (the CRM owner). I can obviously do this to get an initial Access Token, but then what? – Mike Feb 25 '15 at 12:26

1 Answer

11

You need to store both the Access Token (short term - it is live for 24 hours) and the Refresh Token (long term).

You will only need to call the refreshAccessToken method at the start of each session. That method will return both a new Access Token and a new Refresh Token.

Use the new Access Token for the current "session" when making API requests. The Access Token will be valid for 24 hours (this changes from time to time).

Store the new Refresh Token and use it again for your next session.

Bradley Ullery
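The rotation described in the answer above, as an added example that is not part of the original answer or of Infusionsoft's SDK. It goes slightly beyond the answer by skipping the refresh while the stored access token is still valid. `TokenStore`, `start_session` and the `refresh_call` callable (a stand-in for the SDK's `refreshAccessToken`, assumed to return `access_token`, `refresh_token` and `expires_in`) are hypothetical names.

```python
import json
import os
import tempfile
import time


class TokenStore:
    """Keeps the access/refresh token pair in a file readable only by its owner."""

    def __init__(self, path):
        self.path = path

    def load(self):
        with open(self.path) as fh:
            return json.load(fh)

    def save(self, tokens):
        # mkstemp creates the temp file with mode 0600; the rename is atomic,
        # so a crash never leaves a half-written or missing refresh token.
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as fh:
            json.dump(tokens, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.path)


def start_session(store, refresh_call, now=time.time, skew=60):
    """Return a usable access token, rotating the stored pair when needed.

    refresh_call(refresh_token) is a hypothetical stand-in for the SDK's
    refreshAccessToken method (assumed return shape, see the lead-in).
    """
    tokens = store.load()
    if tokens["expires_at"] - skew > now():
        return tokens["access_token"]  # still valid, no refresh needed
    fresh = refresh_call(tokens["refresh_token"])
    rotated = {
        "access_token": fresh["access_token"],
        "refresh_token": fresh["refresh_token"],  # the old one is now spent
        "expires_at": now() + fresh["expires_in"],
    }
    store.save(rotated)  # persist the new pair before the token is used
    return rotated["access_token"]
```

Saving the rotated pair before returning matters because the answer states each refresh returns a new Refresh Token; losing it would force the interactive login again.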