Authentication

OAuth2

The required mechanism to get a token which expires after 30 minutes. The token is required on any request locked by security.

Getting Authorisation - using client id and client secret - and confirmation from client You need: YOURSITE : the site code for your infoodle site USERS-LOGIN-OR-CLIENT-ID : the username they normally login with USERS-CLIENT-SECRET : the users client secret accessed from their account screen

Step 1: GET HTML To authorise curl -G https://YOURSITE.infoodle.com/apiv2/oauth2/authorise -d "client_id=USERS-LOGIN-OR-CLIENT-ID" -d "redirect_uri=https://YOURSITE.infoodle.com/apiv2_auth" -d "response_type=code" Step 2: POST Authorisation back curl https://YOURSITE.infoodle.com/apiv2/oauth2/authorise -d "client_id=USERS-LOGIN-OR-CLIENT-ID" -d "redirect_uri=https://YOURSITE.infoodle.com/apiv2_auth" -d "response_type=code" -d "authorized=yes" Step 3: Take the code returned in step 2 will be in the Header - on the Location value as part of the URL. Use it to POST back along with the access token curl https://YOURSITE.infoodle.com/apiv2/oauth2/token -d "grant_type=authorization_code" -d "code=CODE-FROM-LAST-CALL" -d "client_secret=USERS-CLIENT-SECRET" -d "client_id=USERS-LOGIN-OR-CLIENT-ID" -d "redirect_uri=https://YOURSITE.infoodle.com/apiv2_auth"

Token included in authorisation header with the keyword Bearer - e.g. ... Accept: application/json Authorization: Bearer 910f98f99f9ba3d29960dd660a4e55972eda4db4 ...

Flow type authorizationCode
Authorization URL /apiv2/oauth2/authorise
Token URL /apiv2/oauth2/token
Refresh URL /apiv2/oauth2/refresh
Scopes
  • read: allows reading resources
  • write: allows modifying resources