If you are a partner with an existing API token integration, you may want to migrate your existing integration's users to a Marketplace app.
It's possible to exchange the API token to a pair of access and refresh tokens using a custom grant type. You must execute this HTTP request to the OAuth server:
In order to execute the request, your request has to be authenticated via HTTP Basic Auth with the values of
Base 64 encoded string containing the
Note that authentication could also be done by providing values for
client_secretin the request body, but it's not recommended. Use it only when you cannot use HTTP Basic Auth approach.
Since you are trying to exchange an API token to a pair of tokens, you must use value
API token of the user
Have in mind that each
api_tokencan be exchanged only once, you have one chance for this operation. In case of problems, please contact [email protected]
If all data is correct, you will receive a response with the JSON data:
JSON key name
Access token you need to use for accessing user's data via API
The format of the token. Always "bearer"
Refresh token which is needed when you refresh
List of scopes selected in the app's settings
TTL of access token in seconds. After this time token will become invalid and you have to refresh it
The base URL path, including the
When the exchange of the tokens was successful, all users who were previously using the API token integration, will receive an email notifying them about the following:
- the integration has now been update to an OAuth app,
- the OAuth app has been installed to their company,
- the user needs to confirm the permissions the app has in their account before starting to use it.
The app will also appear in the user's Settings > Tools and apps > (Integrations) > Marketplace apps page.
Now you should delete the API token, because from this point on your app must only use OAuth authentication.
Updated about 1 year ago