Greg Gleason Posted May 13 Share Posted May 13 Will the new Rest API always require a public URL to retrieve the Auth Token? All my code is held in a private network. How will I be able to retrieve the Token? Thanks. Greg Link to comment Share on other sites More sharing options...
Members Sterio, Louis Posted May 13 Members Share Posted May 13 Greg, May I ask how you are doing this with the XML API today? Also have you tried to connect to a non-production company via the REST API? Let me know where you are getting an error or where you are getting stuck. I am moving this thread to REST Open beta Feedback Link to comment Share on other sites More sharing options...
Preston, Charlie Posted May 15 Share Posted May 15 Louis, I was going to ask you about this – but will ask here instead as it relates to what Greg is asking. In the original beta there was an end point to retrieve a token by passing in the user/instance/password and receiving a token back directly in the response – this method is useful when writing scripts or desktop applications where you aren’t running a web server to receive a response from a callback. Is it still ok to use the original oauth2/token endpoint? I can see it still works, but as it’s not documented wanted to check. Thanks, Charlie Link to comment Share on other sites More sharing options...
Preston, Charlie Posted May 15 Share Posted May 15 I'll reword that last question so it makes more sense - should have been "Is it still ok to use the original oauth2/token endpoint and pass in the user name / password rather than the authorisation code?" Link to comment Share on other sites More sharing options...
Members Sterio, Louis Posted May 15 Members Share Posted May 15 Charlie, That was using the "password" grant_type we are removing this grant_type in 24R3 (August timeframe) and we did not document it on purpose. We only want to allow authentication with OAUTH. When we remove this grant_type in R3 we will also be implementing new expiration rules related to our refresh_token. We will be documenting this as well. Here is what is changing: 1.) Previously refresh tokens would expire after 365 days no matter what. This would force re-authorization through OAUTH to all integrations after 365 days. We realize this is not going to work. 2.) After 24R3 we will shorten the expiration date to 90 days and as you exchange your refresh token for a new access token we will push the expiration of the refresh token out another 90 days. 1 Link to comment Share on other sites More sharing options...
Members Sterio, Louis Posted May 15 Members Share Posted May 15 @Greg Gleason We're discussing this further tomorrow in our weekly meeting however for now you could use postman to OAUTH, and load the refresh token into your utility. Then you can exchange the refresh token for an access token each time the utility wakes up. However look for more of an official response from us in the near future. Link to comment Share on other sites More sharing options...
Recommended Posts