Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Actionstep API Authorization is preformed via the OAuth2 standard. This involves a series of communications between the resource server and the client to ensure the resource owner's identity and information are kept secure. For more information see the OAuth2 documentation and RFC 6749.

Grant Types

Currently, Actionstep supports the Authorization grant type only, but we may introduce other methods at later dates. The Authorization grant type will require the client to direct the end user to Actionstep's API authorization page. This will be followed by a second page where the end user will authorize the client to access their system based on the specified scope.  

 

Scope

Actionstep requires the use of the scope argument, which represents each resource that the client wishes to access. For example the scope may be:

Requests access to the time records, actions and participants resources 

"timerecords actions participants"

The scope can either be set server-side or on a request-by-request basis. Before granting access to the client system, the end user will be shown the scope for which the client is requesting access. This is done so that the end user may understand what data they will be exposing to the client and has the opportunity to decline the access request.

The API allows access on a end user basis, so the API resources available to the client will be limited by the end user's native access settings. Furthermore, data returned by any request will also be limited by the end user's native access settings. Activity in Actionstep via the API will be logged against the authorizing end user.

Tokens

All Access Tokens have a 30 minute lifespan and can easily be renewed via the OAuth2 token endpoint by using a Refresh Token which has a 14 day lifespan. A Refresh Token is returned with every Access Token issued.

Our OAuth2 endpoints are:

https://api.actionstep.com/api/oauth/authorize

https://api.actionstep.com/api/oauth/token

Registering As a Client

Companies wanting to leverage the Actionstep API will need to register their interest with Actionstep by contacting support@actionstep.com. On approval, the client will be issued with a set of credentials that they may then use to access the API for development and testing. A separate set of API credentials will be issued for production ready applications. 

  • No labels