Migrated from Redmine #428 | Author: Nader Asiri
Status: New | Priority: High, I’m very impatient | Created: 2019-09-21
Hello,
SImplybook is the best option for me at this time, but there is a problem with your API authentication, your API is not following the recommended guidelines for the access token response.
When I invoke the method getToken I should get the following response:
- access_token (required) The access token string as issued by the authorization server.
- token_type (required) The type of token this is, typically just the string “bearer”.
- expires_in (recommended) If the access token expires, the server should reply with the duration of time the access token is granted for.
- refresh_token (optional) If the access token will expire, then it is useful to return a refresh token which applications can use to obtain another access token. However, tokens issued with the implicit grant cannot be issued a refresh token.
- scope (optional) If the scope the user granted is identical to the scope the app requested, this parameter is optional. If the granted scope is different from the requested scope, such as if the user modified the scope, then this parameter is required.
See here:
See here an example of an API using these rules ( Autodesk.com) :
APIs | Autodesk Platform Services
Your API only returns the token and that’s it, which is not useful if I want the token to be refreshed once it is expired, this will happen if you provide the expires_in time at least and the other options too.
As of this time, for me, your API is not possible to work with, so please fix this issue ASAP
Thanks