OAuth Authentication

Salesloft uses the OAuth 2.0 authorization flow to generate access tokens that your application can use against the API. Follow the steps below to gain access.

Create an OAuth App

You can create apps via Salesloft Account > Your Applications > OAuth Applications > Create New.

Fill out the blank fields and then click Save. You will then see a screen with your Application Id (Client Id), Secret (Client Secret) and the Redirect URI (Callback URL).

Your Application Id and Secret will be needed for the next steps in the Authorization process.

Obtain Authorization Code & Grant Access to Your App

At Salesloft, we use the Authorization Code grant type to issue the Access Token that gives access to our Public API. You will first need to generate a request to our authorization endpoint with your Application Id (Client Id). This endpoint will be displayed to the end user (if they haven't already accepted your application) and they can either approve or deny your application on setup.

Click the link below and replace YOUR_CLIENT_ID and YOUR_REDIRECT_URI with the appropriate values from your application in the address bar and hit Enter.

REDIRECT ENDPOINT

https://accounts.salesloft.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code

The following screen should appear prompting you to Authorize or Deny the application.

Obtain Access and Refresh Tokens

Upon approval, the user is redirected to your redirect_uri with the following query parameters: [code, context, scope]. You must then make a POST request to our server to get an access token and a refresh token.

POST https://accounts.salesloft.com/oauth/token

{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"code": params['code'],
"grant_type": "authorization_code",
"redirect_uri": "YOUR_REDIRECT_URI",
"context": params['context'],
"scope": params['scope']
}

You will get a JSON response back containing the identifying tokens and refresh information. Note that expires_in is in seconds.

{
"access_token": "148ee12bafbd75a2a811caa01e1185af02b91d620d1c3f6a6a1e9153363a97bb",
"token_type": "bearer",
"expires_in": 7200,
"refresh_token": "b344f50bfa08598b293dfbad1f8091ddbae9df3ca467491b28845e65dbcff112",
"created_at": 1448987410
}

Use Refresh Token

When you receive a notification that your access token has expired, you can use a refresh token to get a new one without prompting the user.

POST https://accounts.salesloft.com/oauth/token

{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"grant_type": "refresh_token",
"refresh_token": "A_REFRESH_TOKEN"
}

This will return the same information as obtaining a token through an authorization grant.

Upon receipt of a refresh token, all old refresh tokens are revoked. This means that whenever you perform a refresh, you must store the new refresh_token for future use.

Authorizing Requests

All requests that go to the Salesloft API will need the Authorization header set to Bearer YOUR_ACCESS_TOKEN. As the access_token is only good for a limited period, you must use the refresh token to generate a new access_token when prompted.

Passing a refresh token will not allow access to the API. You must use the access token.

If sending JSON payloads, ensure you set the Content-Type header to application/json.
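The code exchange, refresh-token rotation and request headers described above, combined in one client-side helper. This is an added example, not Salesloft's own code: `TokenManager`, `authorize_url`, the `post` transport callable, the `skew` margin and the choice to refresh shortly before expiry (rather than waiting for an expiry response) are assumptions made for illustration.

```python
import time
import urllib.parse

AUTHORIZE_URL = "https://accounts.salesloft.com/oauth/authorize"
TOKEN_URL = "https://accounts.salesloft.com/oauth/token"


def authorize_url(client_id, redirect_uri):
    """Authorization link with the parameters URL-encoded."""
    query = urllib.parse.urlencode({"client_id": client_id,
                                    "redirect_uri": redirect_uri,
                                    "response_type": "code"})
    return f"{AUTHORIZE_URL}?{query}"


class TokenManager:
    """Holds one user's tokens. `post(url, json_body) -> dict` is a hypothetical
    caller-supplied transport that sends JSON and returns the parsed response."""

    def __init__(self, client_id, client_secret, post, skew=60, clock=time.time):
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.post, self.skew, self.clock = post, skew, clock
        self.tokens = None

    def _store(self, resp):
        # A refresh revokes all older refresh tokens, so replace the whole set.
        self.tokens = {"access_token": resp["access_token"],
                       "refresh_token": resp["refresh_token"],
                       "expires_at": self.clock() + resp["expires_in"]}  # seconds

    def exchange_code(self, params, redirect_uri):
        """params: query parameters received on the redirect (code, context, scope)."""
        self._store(self.post(TOKEN_URL, {**self.creds,
                                          "code": params["code"],
                                          "grant_type": "authorization_code",
                                          "redirect_uri": redirect_uri,
                                          "context": params["context"],
                                          "scope": params["scope"]}))

    def refresh(self):
        self._store(self.post(TOKEN_URL, {**self.creds,
                                          "grant_type": "refresh_token",
                                          "refresh_token": self.tokens["refresh_token"]}))

    def auth_headers(self):
        """Headers for an API call; refreshes first if the token is about to expire."""
        if self.clock() >= self.tokens["expires_at"] - self.skew:
            self.refresh()
        return {"Authorization": f"Bearer {self.tokens['access_token']}",
                "Content-Type": "application/json"}
```

In a real deployment, write the contents of `tokens` to durable, access-controlled storage inside `_store`, because losing the newest refresh token after a refresh leaves only revoked ones.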