Application OAuth Token Generation

From Active911 Documentation Wiki
Jump to: navigation, search

These are instructions for integrating your app with the Active911 Developer API

Registration

The first step for 3rd party developers is to register your application.

The following information is required to add your client application to our system.

  • Application Name
  • Main Point of Contact
    • Name
    • Email
    • Photo ID
    • Phone Number
  • Company
    • Proof of Business Documentation (Business License or other Official Documentation)
  • Redirect URI - A redirection endpoint which will accept the authorization code generated by our system. This should be the full url of a your endpoint, but we will also accept the base domain name under which your endpoint lives.

Note: The Redirect URI is mandatory for web-based applications. If you are developing a native application, this is not necessarily required, though we do still recommend that you set this to your domain name so that you can identify the authorization code redirect in your native application.

If no Redirect URI is specified, we will set this to "http://localhost".

You may submit this via email to support@active911.com with the subject line of "Open API Developer Registration"

Once processed, you will receive in return a client_id, a derivative of your Application Name, and client_secret which will be used in requests to our authorization server.

Authorization Code

3rd party applications must use the Authorization Code workflow, starting with a request to https://access.active911.com/interface/open_api/authorize_agency.php by using a GET request.

Parameter Required Description
client_id yes The client_id given to your application when you registered it with us
response_type yes Currently we only support the Authorization Code workflow, so this must be set to "code"
redirection_uri yes The url you want the user to be redirected to after they authorize your request
scope yes The permissions you are requesting access for. This is a space delimited list of one or more of these scopes
state no You may set this to a particular value, and that value will be resent upon redirection after authorization

Upon authorization by the user, this will redirect to the redirection uri specified with the authorization code included as a query parameter: <REDIRECTION URI>/?code=<your new authorization code>

Access/Refresh Token Generation

You may exchange the authorization code for an access token and refresh token at https://access.active911.com/interface/open_api/token.php by using a POST request

Parameter Required Description
client_id yes The client_id given to your application when you registered it with us
client_secret yes The client_secret given to your application when you registered it with us
grant_type yes For initial token generation, this must be set to "authorization_code"
scope yes The permissions you are requesting access for
code yes The Authorization code you generated.

This will return a JSON object with:

{
 "access_token": "<The access token used to access the api>", 
 "token_type": "Bearer", 
 "expires_in": "<Seconds until the access token expires>" , 
 "refresh_token": "<The refresh token used to get a new access token when this one expires>", 
 "scope": "<The scope of permissions granted to this token.  May be less than the scope requested>"
}

The access token can then be used to access our API. It has a lifetime of 1 day before it expires.

The refresh token can be used to generate new access tokens after the current access token has expired. It has a lifetime of 1 year before it expires.

Refresh Token

You may use a refresh token to generate a new access token at https://access.active911.com/interface/open_api/token.php by using a POST request

Parameter Required Description
client_id yes The client_id given to your application when you registered it with us
client_secret yes The client_secret given to your application when you registered it with us
grant_type yes For refreshing your token, this must be set to "refresh_token"
refresh_token yes The Refresh token given when you submitted your authorization code.

This will return a JSON object with:

{
 "access_token": "<The access token used to access the api>", 
 "token_type": "Bearer", 
 "expires_in": "<Seconds until the access token expires>" , 
 "refresh_token": "<The refresh token used to get a new access token when this one expires>", 
 "scope": "<The scope of permissions granted to this token.  May be less than the scope initially requested>"
}