How to get authorization code from backend without redirecting to https://api.freeagent.com/v2/approve_app page

Can you please help me with how to get an authorization code without redirecting to the https://api.freeagent.com/v2/approve_app page?

Hi @shohelahsan,

Ewa here from the Engineering Team at FreeAgent — thanks for your message on our forum. Redirecting your user to our approval page at https://api.freeagent.com/v2/approve_app is a compulsory step in the FreeAgent API’s OAuth2 journey and I’m afraid it cannot be skipped - for security reasons, an authorisation code can only be generated once the user has logged into FreeAgent using that page.

I hope this helps, but if you have any further questions, please feel free to let me know and I’ll do my best to help out.

Best wishes,

Ewa

Dear @Ewa_Lipinska

Thanks so much for your kind reply indeed! I am afraid we are integrating your FreeAgent APIs for a mobile app (Android and iOS) from our back end REST API project; in that case we need to get your access token. Is there any way to get an access token directly using an RPC call, as I have no idea how to perform the OAuth code flow from the back end?

Looking forward to hearing from you.

Thanks
Shohel Ahsan

Hi @shohelahsan,

Sorry for the delay in response – I’m afraid the only way to get the authorization code at the moment is to have the user log in using the web view, and it cannot be done purely from the backend (this has to be done once per user only; once the user has approved an app and you’ve received the OAuth tokens, you should be able to use the access and refresh tokens to access data in their account without further interaction with the FreeAgent frontend). As far as I’m aware this is the standard way of implementing the Authorization Code Grant, as you can see from the OAuth 2.0 Authorization Framework RFC:

4.1. Authorization Code Grant

The authorization code grant type is used to obtain both access
tokens and refresh tokens and is optimized for confidential clients.
Since this is a redirection-based flow, the client must be capable of
interacting with the resource owner’s user-agent (typically a web
browser) and capable of receiving incoming requests (via redirection)
from the authorization server.

If I’m misunderstanding what you’re after, could you give me an example of an API with OAuth 2.0 authorisation using Authorization Code Grant which works in the way you’d expect?

Best wishes,

Ewa
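
The backend half of the flow described above, as an added example that is not part of the original thread or FreeAgent's own code: it builds the approval URL the mobile app opens, validates the redirect that comes back, and prepares the token request. The function names, the `backend.example` redirect URI and the client id placeholder are assumptions; the query parameters follow RFC 6749 sections 4.1.1 and 4.1.3, and the token endpoint URL is not given in the thread.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

APPROVE_URL = "https://api.freeagent.com/v2/approve_app"  # approval page named in the thread


def new_state() -> str:
    """Unguessable per-login value; store it server-side with the user's session."""
    return secrets.token_urlsafe(32)


def build_approval_url(client_id: str, redirect_uri: str, state: str) -> str:
    """URL the mobile app opens in a browser or web view so the user can log in and approve."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{APPROVE_URL}?{query}"


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect received by the backend and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback is not tied to this login.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request_form(code: str, redirect_uri: str) -> dict:
    """Form fields the backend POSTs to the token endpoint, authenticating with its
    client secret. The secret stays on the backend and never ships in the mobile app."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
```

The access and refresh tokens returned by that exchange are what the backend stores per user, so the approval page is visited only once.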

Hi Ewa_Lipinska,
I am facing an issue in generating an authorization code after following all the steps from the given API documentation. It always gives me an error message saying "This app is only for accountants".
Can you help me out with this?
Thanks

Hi Ragini,

Thanks for joining our forum! The error you’re receiving would suggest that the app you’re trying to approve has the Enable Accountancy Practice API option switched on – if the app sits within your Developer Dashboard account, you can check that by logging in and viewing the app under My Apps. If you see the following:

This means that only account managers (accountants) can approve the app. If this setting is incorrect, and the app should in fact be available to the end users of FreeAgent, you can untick this option in the app’s edit view.

Hope this helps!

Best wishes,

Ewa