Forum Discussion
Hi Hari329
Further to the above, the documentation mentions the following:

Using the authorization grant flow via a back-end API call

The authorization grant flow assumes that a web browser is involved during authentication. If you want to use a back-end API call for OAuth, create an API-only user with appropriate permissions to make the API calls. This API-only user must login once through the community using the authorization flow to receive access and refresh tokens. From there on subsequent authenticated, backend API calls can be made using the tokens.
What that means is, even if the user will be used for back end calls, they will still need to go through the standard OAuth interactive exchange for the first login, to make sure that you can get a valid access token and refresh token for that user. The below diagram (from the KB page) depicts the interactive exchange (which is the same used for normal, non API users).
At the end of the process (which can be initiated with any suitable HTTP client, manually) you will have obtained an access token and a refresh token and you can then store them in your application for subsequent calls.
SuzieH - it looks like our KB page may need some more detail to avoid confusion around this manual step required for backend users. Is that something you can help with?
Thanks,
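
The "store them in your application for subsequent calls" step from the post above, as an added example that is not part of the original post or the KB page. It assumes the token response uses the RFC 6749 field names (`access_token`, `refresh_token`, `expires_in`); `TokenStore` and `refresh_fn` (the call that posts the refresh token to the token endpoint) are hypothetical names.

```python
import json
import os
import tempfile
import time


class TokenStore:
    """Keeps the token pair from the one-time interactive login of the API-only user."""

    SKEW = 60  # refresh this many seconds before the access token expires

    def __init__(self, path, refresh_fn, clock=time.time):
        self.path = path
        self.refresh_fn = refresh_fn  # hypothetical: exchanges a refresh token for new tokens
        self.clock = clock

    def save(self, token_response):
        record = {
            "access_token": token_response["access_token"],
            "refresh_token": token_response["refresh_token"],
            "expires_at": self.clock() + int(token_response["expires_in"]),
        }
        # mkstemp creates the file readable by the owner only (0600 on POSIX);
        # os.replace then swaps it in atomically, so no half-written token file exists.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w") as fh:
            json.dump(record, fh)
        os.replace(tmp, self.path)
        return record

    def load(self):
        with open(self.path) as fh:
            return json.load(fh)

    def access_token(self):
        """Return a usable access token, refreshing it when it is about to expire."""
        record = self.load()
        if self.clock() >= record["expires_at"] - self.SKEW:
            response = self.refresh_fn(record["refresh_token"])
            # The server may or may not issue a new refresh token; keep the old one if not.
            response.setdefault("refresh_token", record["refresh_token"])
            record = self.save(response)
        return record["access_token"]
```

If the stored refresh token is ever rejected, the API-only user has to repeat the interactive login to obtain a new pair.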