OAuth 2.0 - Client Credentials

The Client Credentials flow can be used for testing and debugging purposes. You can also use this method to connect your site with your GetResponse account. Client Credentials doesn’t require setting redirect_url on your server, so this flow is a good starting point for practicing using GetResponse OAuth. If you want to access other people’s GetResponse accounts, you need to implement the Authorization Code flow. In that flow, the account owner will have to permit your application to access their account.

Note:

  • This is a first-steps document, covering the basics of the Client Credentials authorization method. For a comprehensive discussion of OAuth2 methods, please refer to the API documentation.
  • We suggest you use the Postman application as an API test utility (this is a third-party tool commonly used by developers). You can also use the cURL library.
  • We also recommend that you not implement OAuth from scratch in your application. Instead, you should use a third-party library appropriate to your system architecture, e.g. for PHP with provider, Ruby, or Python.

Register application and obtain authorization data

  1. Visit Add new application in the GetResponse web application.
  2. Enter a name, description, and logo of your application. Next, enter a Redirect URL. This is the URL to which GetResponse will redirect your client during the authorization process. This should be a URL in your domain, for example: https://mytemplatemaker.example.com/gr_callback
  3. Click Add.

Your registered app will appear under Connected applications. Click on the app name to display:

  • Client ID - This is the “application username”. It identifies your application in the GetResponse system.
  • Client secret key - This is the “application password”. This key should be strictly confidential and protected.

You need these parameters to obtain an authorization token. Now you can send a request. Be sure to replace client_id and client_secret_key with their actual values:

bash
curl -X POST \
     -u  client_id:client_secret_key \
     https://api.getresponse.com/v3/token \
     -H 'Content-Type: application/json;charset=utf-8' \
     -d '{
       "grant_type" : "client_credentials"
   }'

You should get the following response:

json
{
    "access_token": "ac8839aae",
    "expires_in": 86400,
    "token_type": "Bearer",
    "scope": null
}

The access_token value will be a string of letters and numbers. Send it in the Authorization header field, in the form Authorization: Bearer followed by the token, to authorize any further calls, e.g.:

bash
curl -X GET \
      https://api.getresponse.com/v3/campaigns/ \
      -H 'Authorization: Bearer ac8839aae' \
      -H 'Content-Type: application/json;charset=utf-8'

Refresh token

The token expires after the time given in expires_in (in seconds). Once this happens, you’ll get the following response (bearer_token_code is a number you send with the request):

json
{
    "httpStatus": 401,
    "code": 1014,
    "codeDescription": "Problem during authentication process, check headers!",
    "message": "The access token provided is expired",
    "moreInfo": "https://apidocs.getresponse.com/en/v3/errors/1014",
    "context": {
      "sentToken": "bearer_token_code"
    }
}

You’ll then have to obtain a new token.
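
The token lifecycle described above, as an added example (not GetResponse's own code): the client caches the token, renews it shortly before expires_in runs out, and retries once with a fresh token when the API answers 401 with code 1014. The class name, the environment variable names, and the 60-second safety margin are assumptions; the endpoint, grant type, and error code come from this page.

```python
import base64, json, os, time, urllib.error, urllib.request
TOKEN_URL = "https://api.getresponse.com/v3/token"  # endpoint shown on this page
JSON_TYPE = "application/json;charset=utf-8"

def http_json(method, url, headers, body=None):
    """Default transport: send JSON, return (status, parsed JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a JSON body
        return err.code, json.load(err)

class TokenClient:
    """Caches the token; renews skew seconds (assumed 60) early and on error 1014."""
    def __init__(self, client_id, secret, transport=http_json, clock=time.monotonic, skew=60):
        pair = f"{client_id}:{secret}".encode()  # same as curl -u id:secret
        self._basic = "Basic " + base64.b64encode(pair).decode()
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self, force=False):
        if force or self._token is None or self._clock() >= self._expires_at:
            status, body = self._transport(
                "POST", TOKEN_URL,
                {"Authorization": self._basic, "Content-Type": JSON_TYPE},
                {"grant_type": "client_credentials"})
            if status != 200 or body.get("token_type") != "Bearer":
                # Report the status only: never echo credentials or tokens.
                raise RuntimeError(f"token request failed: HTTP {status}")
            self._token = body["access_token"]
            self._expires_at = self._clock() + body["expires_in"] - self._skew
        return self._token

    def call(self, method, url, body=None):
        for attempt in range(2):  # one retry at most, with a fresh token
            headers = {"Authorization": "Bearer " + self.token(force=attempt == 1),
                       "Content-Type": JSON_TYPE}
            status, reply = self._transport(method, url, headers, body)
            if not (status == 401 and isinstance(reply, dict)
                    and reply.get("code") == 1014):
                break
        return status, reply

if __name__ == "__main__":
    # Secrets come from the environment (variable names are assumptions).
    client = TokenClient(os.environ["GR_CLIENT_ID"], os.environ["GR_CLIENT_SECRET"])
    print(client.call("GET", "https://api.getresponse.com/v3/campaigns/")[0])
```

The transport and clock parameters exist so the renewal logic can be exercised offline with a stub instead of the live API.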