OAuth - Getting Token and Refresh Token with Authorisation Code

Andrew_Davies · 5 December 2024 12:46

Hello all

Apologies if this is a basic question, but I have tried and tried and am a little stuck.

I have successfully retrieved an Authorisation code from Log in to your FreeAgent account

I am now trying to get an Access Token and Refresh Token from https://api.freeagent.com/v2/token_endpoint - but am stuck.

I’ve been testing in Postman.

From the docs - it is unclear to me how I pass the client ID and secret. I suspect they need to be encoded to base64 in the format client_id:secret. is that correct?

If so - do I pass it in the header of the request or the body? I have tried both. The docs just say “using the Client ID as the username and Client Secret as the password” with no specific details.

I’ve put
grant_type=authorization_code&code=XXXX

in my body

Any tips welcome.

Thanks,
Andrew

UPDATE

This Curl command returns “Invalid_grant”. Could that be related?

curl -X POST https://api.freeagent.com/v2/token_endpoint -d “client_id=XXXXXX”
-d “client_secret=XXXXXXXXX”
-d “grant_type=authorization_code”
-d “code=XXXX” \

{“error”:“invalid_grant”}%

Jamie_McGlone · 6 December 2024 14:22

Hi Andrew

Jamie from FreeAgent here.

Before using Curl, you need to generate the access token as outlined here, but I’m wondering if you have already generated the access token? During the step which involves logging into and authorising your FreeAgent account, you are authorising access and thus are creating the access token. This does not require an additional step after logging into your account, so as you have logged into your account it sounds to me like you may already have the access token.

When testing myself with Postman, once I had logged into my account and was redirected back to Postman, I could then see my access token included under the heading “Current Token” in the Authorization tab. If you find your access token here like I did, passing this access token into a curl command as outlined here will hopefully work for you.

I hope this helps, but just let me know if you have any questions!

Best regards,
Jamie

Andrew_Davies · 6 December 2024 16:24

Hello Jamie

My apologies - my fault for jumping in feet first and not getting a thorough understanding of the docs! All good now -

I’ve actually got a Google Apps Script working as an intermediary between Glide and FreeAgent. The GAS logs the UserIDs and stores the refresh tokens, client IDs etc etc - then handles refreshing the token when Glide makes a new API call to FreeAgent (unless the token is still valid)

It’s taken a lot of trial and error and head scratching, but I think I am there now! Just need to do some more testing.

Thanks again,
Andrew