Get your credentials

As a user

To connect to your own workspaces, simply visit https://connect.penbox.io/authorize to get a token dedicated to a specific workspace.

❗️

Token Expiration Date

For security reason, we recommend generating a token of 1 day or less.

  1. Select the workspace
  2. Select a token longevity (e.g. 1 day)
  3. Select 'Get a token'
  4. Copy the generated token

👍

Congratulations you successfully generated a token

As a partner: Penbox CONNECT

For external partners and providers, we put in place a CONNECT gateway that enable partners to authenticate on behalf of users and perform actions on Penbox API's.

Credentials

To be able to use the CONNECT gateway, partners require

  1. client_id (e.g. my-super-partner)
  2. client_secret (e.g. 404D635166546A576D5A713474377721)

Both are provided by Penbox once partnership is acted.

Authorization

The first step for a partner to be able to perform actions on behalf of a Penbox user is to get the authorization from this user using a standard oAuth2 flow.

Concretely, you will add a connect your Penbox account button in your tool, that will successively:

  1. redirect the user on [connect.penbox.io/authorize](http://connect.penbox.io/authorize),
  2. there, allow the user to authenticate on Penbox and authorize the linking
  3. redirect back to your website with an authorization code in the url parameters

You will then use this code to get a access_token (and add custom_data on Penbox side, see below).

You can find an example of a quick implementation on our developer documentation here :

Penbox APIs

You will receive a token, and a refresh_token, that will enable you to get back a valid token once the initial one expires. It is your responsibility to manage tokens/refresh_tokens.

The refresh_token grant type is used by clients to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user.

More info can be found here :

Refreshing Access Tokens - OAuth 2.0 Simplified