OAuth - Authorization Code
OAuth is the preferred authentication method for partners. Partner Applications submitted using API Keys will not be approved.
Salesloft uses the OAuth 2.0 authorization flow to generate access tokens that your application can use against the API. Follow the steps below to gain access.
Create an OAuth App
You can create apps via Salesloft Account → Your Applications → OAuth Applications → Create New.

Fill out the blank fields and then click Save. You will then see a screen with your Application Id (Client Id), Secret (Client Secret) and the Redirect URI (Callback URL).

Your Application Id and Secret will be needed for the next steps in the Authorization process.
Obtain Authorization Code & Grant Access to Your App
At Salesloft, we use the authorization code grant type to issue the Access Token that gives access to our Public API. You will first need to send a request to our authorization endpoint with your Application Id (Client Id). This endpoint will be displayed to the end user (if they haven't already accepted your application), and they can either approve or deny your application on setup.
Click the link below and replace YOUR_CLIENT_ID and YOUR_REDIRECT_URI with the appropriate values from your application in the address bar and hit Enter.
REDIRECT ENDPOINT
The following screen should appear prompting you to Authorize or Deny the application.

Obtain Access and Refresh Tokens
Upon approval, the user is redirected to your redirect_uri with the following query parameters: code, context and scope. You must then make a POST request to our server to get an access token and a refresh token.
POST https://accounts.salesloft.com/oauth/token
{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"code": params['code'],
"grant_type": "authorization_code",
"redirect_uri": "YOUR_REDIRECT_URI",
"context": params['context'],
"scope": params['scope']
}
You will get a JSON response back containing the identifying tokens and refresh information. Note that expires_in is in seconds.
{
"access_token": "148ee12bafbd75a2a811caa01e1185af02b91d620d1c3f6a6a1e9153363a97bb",
"token_type": "bearer",
"expires_in": 7200,
"refresh_token": "b344f50bfa08598b293dfbad1f8091ddbae9df3ca467491b28845e65dbcff112",
"created_at": 1448987410
}
Use Refresh Token
When you receive a notification that your access token has expired, you can use a refresh token to get a new one without prompting the user.
POST https://accounts.salesloft.com/oauth/token
{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"grant_type": "refresh_token",
"refresh_token": "A_REFRESH_TOKEN"
}
This will return the same information as obtaining a token through an authorization grant.
When a new refresh token is issued, all old refresh tokens are revoked. Each time you perform a refresh, you must therefore store the new refresh_token for future use.
Authorizing Requests
All requests that go to the Salesloft API will need the Authorization header set to Bearer YOUR_ACCESS_TOKEN. As the access_token is only good for a limited period, you must use the refresh token to generate a new access_token when prompted.
Passing a refresh token will not allow access to the API. You must use the access token.
If sending JSON payloads, ensure you set the Content-Type header to application/json.
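The refresh rotation and the Authorization header described above, as an added Python example that is not Salesloft's own code. TokenManager, http_post_json and the save callback are hypothetical names; the example assumes the token endpoint accepts the JSON body shown on this page and that created_at is a Unix timestamp, as the sample response suggests.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://accounts.salesloft.com/oauth/token"  # from the page


def http_post_json(url, body):
    """Default transport (assumption): POST the body as JSON, return the parsed reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Holds one token pair and rotates it (hypothetical helper, not a Salesloft SDK)."""

    def __init__(self, client_id, client_secret, tokens, save,
                 post=http_post_json, clock=time.time, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.tokens, self.save, self.post = dict(tokens), save, post
        self.clock, self.skew = clock, skew

    def expires_at(self):
        # created_at is treated as a Unix timestamp; expires_in is in seconds.
        return self.tokens["created_at"] + self.tokens["expires_in"]

    def needs_refresh(self):
        # Refresh slightly early so a request never goes out with a stale token.
        return self.clock() >= self.expires_at() - self.skew

    def refresh(self):
        reply = self.post(TOKEN_URL, {
            "client_id": self.client_id,
            "client_secret": self.client_secret,
            "grant_type": "refresh_token",
            "refresh_token": self.tokens["refresh_token"],
        })
        if "access_token" not in reply or "refresh_token" not in reply:
            # Do not echo the reply: it may carry token material into logs.
            raise RuntimeError("token endpoint reply is missing a token")
        # The old refresh token is now revoked: persist the new pair first.
        self.save(reply)
        self.tokens = dict(reply)

    def auth_header(self):
        if self.needs_refresh():
            self.refresh()
        return {"Authorization": "Bearer " + self.tokens["access_token"]}
```

The save callback should write to the same protected store that holds the client secret, because a refresh token can mint new access tokens without prompting the user.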