OAuth 2
The InvestReady API uses OAuth 2 for authentication. OAuth 2 can be a little tricky to get started with, and to make it easier we suggest you use an existing SDK.
Token Expiration
To keep an API secure, it is good practice to expire tokens so that if they get into the wrong hands, minimal or no damage can be done.
- access_tokens expire after 90 days, as shown by the expires_in value returned from a successful /token request.
- refresh_tokens expire after two years, which means they should be usable for at least that amount of time unless the user revokes permission or you refresh your tokens via the /token endpoint.
Refreshing Tokens
Before making an API request, you should first check if the token you are going to use has expired.
```php
<?php
require 'vendor/autoload.php';

//get the following from your database
$access_token = '1234';
$refresh_token = '5678';
$expires_in = 3600;
$created_at = 1470662749;

$client = new GuzzleHttp\Client();

//check if the access_token is expired
if ($created_at + $expires_in < time()) {
    //the token is expired, get a new one
    //(Guzzle 6+ sends form fields via 'form_params')
    $response = $client->post('https://api.investready.com/oauth/token', [
        'form_params' => [
            'grant_type' => 'refresh_token',
            'client_id' => 'YOUR_CLIENT_ID',
            'client_secret' => 'YOUR_CLIENT_SECRET',
            'redirect_uri' => 'YOUR_CLIENT_REDIRECT_URI',
            'refresh_token' => $refresh_token
        ]
    ]);
    //decode the JSON body into an associative array
    $data = json_decode((string) $response->getBody(), true);

    //save this new data to your database
    $access_token = $data['access_token'];
    $refresh_token = $data['refresh_token'];
    $expires_in = $data['expires_in'];
    $created_at = time();
}

//proceed to make your API call
```
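A more defensive variant of the refresh check above, as an added example that is not InvestReady's own code: it refreshes shortly before expiry and refuses to overwrite the stored tokens when the /token reply is an error. The function names, the 60-second margin, the injected `$postToken` callable and the sample replies are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers for illustration; not part of any InvestReady SDK.
const EXPIRY_MARGIN = 60; // assumed safety margin (seconds) for clock skew and latency

/** True when the stored access token is expired or about to expire. */
function tokenNeedsRefresh(array $stored, int $now): bool
{
    return $stored['created_at'] + $stored['expires_in'] - EXPIRY_MARGIN <= $now;
}

// Returns the token record to persist. $postToken is any callable that POSTs the
// form fields to /oauth/token and returns the decoded JSON body as an array.
function refreshIfNeeded(array $stored, callable $postToken, int $now): array
{
    if (!tokenNeedsRefresh($stored, $now)) {
        return $stored;
    }
    $reply = $postToken([
        'grant_type'    => 'refresh_token',
        'client_id'     => 'YOUR_CLIENT_ID',
        'client_secret' => 'YOUR_CLIENT_SECRET',
        'redirect_uri'  => 'YOUR_CLIENT_REDIRECT_URI',
        'refresh_token' => $stored['refresh_token'],
    ]);
    // Reject malformed or error replies before touching the stored record.
    if (!is_string($reply['access_token'] ?? null) || $reply['access_token'] === ''
        || !is_int($reply['expires_in'] ?? null) || $reply['expires_in'] <= 0) {
        throw new RuntimeException('Token refresh failed; keeping existing tokens');
    }
    return [
        'access_token'  => $reply['access_token'],
        // Keep the old refresh token if the reply does not carry a new one.
        'refresh_token' => $reply['refresh_token'] ?? $stored['refresh_token'],
        'expires_in'    => $reply['expires_in'],
        'created_at'    => $now,
    ];
}

// Constructed sample data and fake transports so the example runs offline.
$stored = ['access_token' => '1234', 'refresh_token' => '5678', 'expires_in' => 3600, 'created_at' => 1470662749];
$fakeOk = fn(array $form): array => ['access_token' => 'abcd', 'refresh_token' => 'efgh', 'expires_in' => 7776000];
$fakeError = fn(array $form): array => ['error' => 'invalid_grant'];
var_dump(refreshIfNeeded($stored, $fakeOk, 1470662749 + 3590)['access_token']); // within the margin
try {
    refreshIfNeeded($stored, $fakeError, 1470662749 + 4000);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL; // $stored is left unchanged
}
```

In production, `$postToken` would wrap the Guzzle call, and the returned record should be written to the database in a single update so the access and refresh tokens never get out of step.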
Access Token Types
Authorized User Request
Tokens associated with a particular user, obtained through the traditional OAuth 2 flow described in Connecting to an Account.
Usage Examples:
- Request/Submit Verification Data
- Update User
- Etc
Client Credentials
Tokens associated with a particular application, created as described in Getting Started with InvestReady.
Usage Examples:
- Listing Synced Users
- Billing
- Etc