Application OAuth Token Generation

From Active911 Documentation Wiki
Revision as of 17:43, 14 February 2014 by Jonathan.woo (Talk | contribs)

Jump to: navigation, search

These are instructions for integrating your app with the Active911 Developer API

Registration

The first step for 3rd party developers is to register your application.

The following information is required to add your client application to our system.

  • Application Name
  • Main Point of Contact - Name, Email, Photo ID, Phone Number
  • Company - Proof of Business Documentation (Business License or other official documentation)
  • Redirect URI - As recommended by the Oauth2.0 specification, we require a redirection endpoint which will accept the authorization code generated by our system. This should be the full url of a your endpoint, but we will also accept the base domain name under which your endpoint lives.

You may submit this via email to support@active911.com with the subject line of "Open API Developer Registration"

Once processed, you will receive in return a client_id, a derivative of your Application Name, which will be used in requests to our authorization server.

Authorization Code

3rd party applications must use the Authorization Code workflow, starting with a request to https://access.active911.com/open_api/authorize_agency.php

ParameterRequiredDescription
client_idyesThe client_id given to your application when you registered it with us
response_typeyesCurrently we only support the Authorization Code workflow, so this must be set to "code"
redirection_uriyesThe url you want the user to be redirected to after they authorize your request
scopeyesThe permissions you are requesting access for
statenoYou may set this to a particular value, and that value will be resent upon redirection after authorization

Upon authorization by the user, this will redirect to the redirection uri specified with the authorization code included as a query parameter: <REDIRECTION URI>/?code=<your new authorization code>

Access/Refresh Token Generation

You may exchange the authorization code for an access token and refresh token at https://access.active911.com/open_api/token.php by using a POST request

ParameterRequiredDescription
client_idyesThe client_id given to your application when you registered it with us
grant_typeyesFor initial token generation, this must be set to "authorization_code"
scopeyesThe permissions you are requesting access for
codeyesThe Authorization code you generated.

This will return a JSON object with: {

 "access_token": "<The access token used to access the api>", 
 "token_type": "Bearer", 
 "expires_in": "<Seconds until the access token expires>" , 
 "refresh_token": "<The refresh token used to get a new access token when this one expires>", 
 "scope": "<The scope of permissions granted to this token.  May be less than the scope requested>"

}

The access token can then be used to access our API. It has a lifetime of 1 day before it expires.

The refresh token can be used to generate new access tokens after the current access token has expired. It has a lifetime of 1 year before it expires.

Refresh Token

You may use a refresh token to generate a new access token at https://access.active911.com/open_api/token.php by using a POST request

ParameterRequiredDescription
client_idyesThe client_id given to your application when you registered it with us
grant_typeyesFor refreshing your token, this must be set to "refresh_token"
refresh_tokenyesThe Refresh token given when you submitted your authorization code.

This will return a JSON object with: {

 "access_token": "<The access token used to access the api>", 
 "token_type": "Bearer", 
 "expires_in": "<Seconds until the access token expires>" , 
 "refresh_token": "<The refresh token used to get a new access token when this one expires>", 
 "scope": "<The scope of permissions granted to this token.  May be less than the scope initially requested>"

}