...
The scope can either be set server-side or on a request-by-request basis. Before granting access to the client system, the end user will be shown the scope for which the client is requesting access. This is done so that the end user may understand what data they will be exposing to the client and has the opportunity to decline the access request.
The API allows access on a end user basis, so the API resources available to the client will be limited by the end user's native access settings. Furthermore, data returned by any request will also be limited by the end user's native access settings. Activity in Actionstep via the API will be logged against the authorizing end user.
...
All Access Tokens have a 30 minute lifespan and can easily be renewed via the OAuth2 token endpoint by using a Refresh Token which has a 14 day lifespan. A Refresh Token is returned with every Access Token issued.
Our OAuth2 endpoints are:
Registering As a Client
Companies wanting to leverage the Actionstep API will need to register their interest with Actionstep by contacting support@actionstep.com. On approval, the client will be issued with a set of credentials that they may then use to access the API for development and testing. A separate set of API credentials will be issued for production ready applications.