Actionstep API Authorization uses the OAuth2 standard. This involves a series of communications between the resource server and the client to ensure the resource owner's identity and information are kept secure. For more information see the OAuth2 documentation and RFC 6749.
Grant Types
Currently, Actionstep supports the Authorization grant type only (other methods may be introduced in the future). The Authorization grant type requires the client to direct the end-user to Actionstep's API authorization page. This will be followed by a second page where the end-user will authorize the client to access their system based on the specified scope.
...
The scope can either be set server-side, or on a request-by-request basis. Before granting access to the client application, the end-user will be shown the scope for which the client application is requesting access. This is done so that the end-user may understand what data they will be exposing to the client and has the opportunity to decline the access request.
The API grants access on an end-user basis, so the API resources available to the client application will be limited by the end-user's native access settings. Furthermore, data returned by any request will also be limited by the end-user's permissions in Actionstep. Activity in Actionstep via the API will be logged against the authorizing end-user.
Tokens
All Access Tokens have a 60 minute lifespan and can easily be renewed via the OAuth2 token endpoint by using a Refresh Token, which has a 21 day lifespan. A Refresh Token is returned with every Access Token issued.
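The renewal cycle described above, as an added example (not Actionstep's code): it refreshes shortly before the Access Token expires, replaces the stored Refresh Token with the one returned alongside each new Access Token, and demands re-authorization once the Refresh Token has aged out. `TOKEN_URL` is a placeholder, `TokenManager`, `fake_post` and the injected `post` transport are hypothetical names, and the `expires_in` field and form-body client credentials are assumptions taken from RFC 6749; the Refresh Token lifespan is supplied by the caller.

```python
import time
from dataclasses import dataclass

TOKEN_URL = "https://auth.example.invalid/oauth/token"  # placeholder, not a real endpoint

class ReauthorizationRequired(Exception):
    """No usable refresh token; the end-user must go through authorization again."""

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    access_expires_at: float
    refresh_expires_at: float

class TokenManager:
    def __init__(self, client_id, client_secret, post, refresh_lifetime_s,
                 skew_s=60, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.clock = post, clock  # post(url, form) -> dict, injected (assumption)
        self.refresh_lifetime_s, self.skew_s = refresh_lifetime_s, skew_s
        self.tokens = None

    def store(self, response):
        """Record a token response (RFC 6749 section 5.1), replacing BOTH tokens."""
        now = self.clock()
        self.tokens = TokenSet(response["access_token"], response["refresh_token"],
                               now + int(response["expires_in"]),
                               now + self.refresh_lifetime_s)
        return self.tokens

    def access_token(self):
        """Return a usable access token, renewing it just before it expires."""
        t, now = self.tokens, self.clock()
        if t is None or now >= t.refresh_expires_at:
            raise ReauthorizationRequired("no valid refresh token")
        if now < t.access_expires_at - self.skew_s:
            return t.access_token
        # Refresh request per RFC 6749 section 6; credentials in the body are an assumption.
        form = {"grant_type": "refresh_token", "refresh_token": t.refresh_token,
                "client_id": self.client_id, "client_secret": self.client_secret}
        return self.store(self.post(TOKEN_URL, form)).access_token

def fake_post(url, form):
    """Constructed stand-in for the token endpoint: issues a fresh token pair."""
    n = int(form["refresh_token"].split("-")[1]) + 1
    return {"access_token": f"at-{n}", "refresh_token": f"rt-{n}", "expires_in": 3600}
```

Persist the stored token pair atomically: if the old Refresh Token is kept after a renewal, the next refresh uses a stale value.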
Our OAuth2 endpoints are (for live production systems only):
Our OAuth2 endpoints are (for development systems only):
Registering As a Client
...
Obtaining Actionstep API Credentials
If you would like to connect to the API, please contact support@actionstep.com with the details of your proposal. We will evaluate your proposal for suitability and check to see that the API can perform the functions you need. Once approved, you will receive your API credentials for a test API environment where you can develop your application. When it is ready for release, we will provide you with production API keys. If you require technical assistance during your API development, this can be provided on a professional services basis, subject to availability and timing.