OAuth Persistent Authentication


#1

Hello

I am looking to build integration between a back-end system which is NOT WEB BASED and FreeAgent. From what I can gather, the way authentication works is that I am provided a “code” via a callback URL and I then use the code to generate an access token. It seems that this access token has an expiration timer on it.

This is effectively useless in a scenario where I am integrating a non web-based application with FreeAgent. Can anybody provide any guidance on creating some kind of persisted information?

My end goal is to:

  • Automatically load invoices from our back-end system into FreeAgent on creation
  • Mark these invoices as paid when they are marked as paid in our system
  • Take a nightly feed of data from FreeAgent to mark invoices in my system which have been paid by bank transfer as paid
  • Keep customer (contact) information in sync between the two systems

Unless I can achieve this, I will probably need to look for something else to use.

Regards

Peter


#2

Hi Peter,

Thanks for your message and apologies for the delay in my response.

You’re correct, we use OAuth 2.0 for authentication between your integration and FreeAgent’s API.
This involves the exchange of tokens, one of which (the access token) expires after a period of time, and has to be refreshed.

The good news is that you can entirely automate the refresh process.
The “code” you’ve mentioned, supplied via a callback URL, is an authorization token. This can immediately be exchanged for another set of tokens (access and refresh tokens).

The access token, as you’ve mentioned, expires after 7 days.
You can use your refresh token, however, to refresh the access token at any time (even after it’s expiry). This can all be done without input from the user, which should make it feasible for your back-end system to automate the process (for example, via CRON).

The full details about OAuth 2.0, including the requests your integration should make, are documented here.
https://dev.freeagent.com/docs/oauth#how-oauth-2-0-works

I hope this helps!
Dave J