Below we explained how to integrate with Getreponse API using oAuth2 protocol.

Registering you own Application

If you want to use oauth flow to authorize your application, first thing you need to do, is to register your application at:

You need to set a name, short description and a callback url.

Choosing grant flow

If you registered your application you can click on it to see your client_id and  client_secret. Those are like login and password for your application, keep them in secret!

Now you must choose which flow of authentication (grant type) you want to use. Here some hint:

  • If your application is server based (you have some server with it's own domain and server-side code) then you probably want 'Authorization Code' flow
  • If your application is mostly based on javascipt / client side code - you should choose 'Implicit' flow
  • If you want to test your application or you want to access only your account on getresponse, then you can choose 'Client Credential' flow.
  • If you are using 'Authorization Code' flow you should also implement 'Refresh Token' flow to handle token expiration.

Below are some examples on how those flow's look like.


Example of Authorization Code flow request

First your application must redirect a resource owner to that url:

State parameter is there for security reason. After resource owner agrees on granting your application access to resource we will redirect the browser to redirect url you specify during applicatnio registration, and attach the same state as the parameter. This way you will know that this request is from us. The 'code' parameter is the authorisation_code that should be exchange for the access_token in the next 10 minutes. After that is expires.

This is a request for exchanging authorisation_code for access_token.

curl -u client_id:client_secret
-d 'grant_type=authorization_code&code=ed17c498bfe343175cd7684c5b09979f2875b25c'


"refresh_token": "170d9f64e781aaa6b3ba036083faba71b2fc4e6c"

Example of Client Credential flow request

This flow is the best for development use, when you must quickly get access to API to actually create some functionality. You can obtain the acces_token by:


curl -u client_id:client_secret -d 'grant_type=client_credentials'


"access_token": "e2222af2851a912470ec33c9b4de1ea3a304b7d7",
"expires_in": 86400,
"token_type": "Bearer",
"scope": null

You can also go to the page and click action button for your integration and select 'generate resentials'. This will open a popup with access_token ready to use.  After that you can use the access_token for standard use of our API, eg:

curl -H "Authorization: Bearer e2222af2851a912470ec33c9b4de1ea3a304b7d7"


Example of Implicit credential flow request

First your application must redirect a resource owner to that url:

After resource owner agrees on granting your application access to resource, we will redirect the browser to redirect uri that was specify in the request.

Unlike the Authorisaation Code flow, this redirect will already have access_token information in the request part. There is no authentication process involved.


Example of Refresh Token flow request

If you receive this error message as a response to your request:

"httpStatus": 401
"code": 1014
"codeDescription": "Problem during authentication process, check headers!"
"message": "The access token provided is expired"
"moreInfo": ""
"context": {
"sentToken": "b8b1e961a7f9fd4cc710d5d955e09c15a364ab71"

That mean that you must refresh your access_token. If you are using Authorisation Code flow then you should use refresh_token to issue a new pair of access_token and refresh_token by making request link this:

curl -u client_id:client_secret
-d 'grant_type=refresh_token&refresh_token=170d9f64e781aaa6b3ba036083faba71b2fc4e6c

In response you receive:

"access_token": "890fdsa2f5d7b189fc4e6c4b1d170d9f591238ss",
"expires_in": 86400,
"token_type": "Bearer",
"scope": null,
"refresh_token": "170d9f64e781aaa6b3ba036083faba71b2fc4e6c"

GetResponse 360

 There are some differences when authenticating GetResponse 360 users: