For external partners and providers, we put in place a CONNECT gateway that enable partners to authenticate on behalf of users and perform actions on Penbox API's.
To be able to use the CONNECT gateway, partners require
Both are provided by Penbox once partnership is acted.
The first step for a partner to be able to perform actions on behalf of a Penbox user is to get the authorization from this user using a standard oAuth2 flow.
Concretely, you will add a connect your Penbox account button in your tool, that will successively:
- redirect the user on
- there, allow the user to authenticate on Penbox and authorize the linking
- redirect back to your website with an authorization
codein the url parameters
Make sure you URL-decode the received token before using it in /token API POST
You will then use this
code to get a
access_token (and add
custom_data on Penbox side, see below).
You will receive a
token, and a
refresh_token, that will enable you to get back a valid token once the initial one expires. It is your responsibility to manage tokens/refresh_tokens.
refresh_token grant type is used by clients to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user.
More info can be found here :