Authorization

...

Authorization is required via the OAuth2 standard.

Currently we support the Authorization grant type only, but we may introduce other methods as time goes on.

Actionstep requires the use of the scope argument, which represents each resource that the client wishes to access. For example, the scope may be: "timerecords actions participants". This can either be set server side or on a request-by-request basis. Before granting access to the client system, the end user will be shown the scope the client is requesting access for so that the end user may understand what data they will be exposing to the client.

The API grants access on a system user basis, so API methods available to the client will be limited by the end user's native access. Also, all activity using that access token will be logged under the user who authorized it.

Scope also determines the output of the API resources, so the client will only receive data which is available to the scopes requested.

All access tokens have a 30 minute lifespan and can easily be renewed via the OAuth2 token endpoint using a refresh token which has a 14 day lifespan (TBC).

Our OAuth2 endpoints are:

https://api.actionstep.com/api/oauth/authorize

...

We currently only support the Bearer OAuth token authorization method, which is easily used when requesting data via the header: "Authorization: Bearer {accesstoken}"
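The flow described on this page, sketched from the client side as an added example (not Actionstep's code): it builds the authorize request with a space-separated scope, validates the callback, and decides from the 30 minute and 14 day lifespans whether to use, refresh or re-obtain a token. The query parameter names and the `state` check follow RFC 6749 and are assumed to apply here; the client id, redirect URI and all function and class names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://api.actionstep.com/api/oauth/authorize"  # from the page
ACCESS_TTL = 30 * 60           # access token lifespan stated on the page
REFRESH_TTL = 14 * 24 * 3600   # refresh token lifespan stated on the page (TBC)

def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state). Parameter names are the RFC 6749 ones (assumed)."""
    state = secrets.token_urlsafe(16)  # ties the callback to this request
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # e.g. "timerecords actions participants"
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state round-tripped intact."""
    params = parse_qs(urlparse(callback_url).query)
    got = params.get("state", [""])[0]
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

class TokenState:
    """Tracks token age locally; assumes both tokens were issued together."""

    def __init__(self, access_token, refresh_token, issued_at, skew=60):
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.issued_at = issued_at
        self.skew = skew  # act slightly early to absorb clock drift

    def next_step(self, now):
        age = now - self.issued_at
        if age < ACCESS_TTL - self.skew:
            return "use_access_token"
        if age < REFRESH_TTL - self.skew:
            return "refresh"      # exchange the refresh token at the token endpoint
        return "reauthorize"      # refresh token expired: user must authorize again

    def auth_header(self):
        return {"Authorization": f"Bearer {self.access_token}"}
```

Requesting only the scopes the integration needs keeps both the consent screen and the data returned by the API as narrow as possible.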

...