How do I get an access token?

Retrieving an access token is a multi-step process that will enable you to perform actions on behalf of a user.  Nearly all API resources required an access token.  Here's the basics:
  1. Obtain a temporary special use login url via the /oauth2/requestCode resource
  2. Direct the end user to the temporary login_uri location that is returned from the /oauth2/requestCode endpoint via a pop-up window (or iFrame, but we recommend a pop-up window).
  3. Once the end user has authorized your application to access their account, the end user will be redirected to your callback_uri that you specified in Step #1.  A query (GET) parameter will be added to the end of your callback_uri containing one or more authorization_codes.  Each authorization_code corresponds to a unique affiliation they have within the system.  If multiple authorization_codes are issued, the authorization_codes query parameter will be comma separated.
  4. Securely store and save the authorization_codes.  These codes are valid for 1 year and will be required to continue to access the user's account without needing to login again until the codes have expired (1 year).
  5. When you're ready to make an API call on behalf of the user, use the /oauth2/requestToken resource to exchange the authorization_code for an access_token.  Access tokens are valid for 30 minutes.  When an access token has expires, you will need to obtain a new access_token using the same authorization_code from Step #3 using the /oauth2/requestToken resource.
  6. Securely and temporarily store the access_token and complete your desired API calls using the new token.

API Authorization Page:


Feedback and Knowledge Base