Username and password flow

The username and password flow is suitable for clients capable of asking end-users for their usernames and passwords. The advantage over HTTP Basic is that the user credentials are used in a single request and are exchanged for an access token and refresh token. This eliminates the need to store the username and password.

Unlike the server-side flow there are no redirects to the Podio authorization page because the user provides their username and password directly. The access token is also provided immediately and there's no authorization code which must be exchanged for an access token.

To gain an access token, you make a POST request to our endpoint with your authentication parameters placed in the request body. The grant_type parameter must be set to password.

      HEADER:  "Content-Type: application/json"
      {
        "grant_type": "password",
        "username": YOUR_USERNAME,
        "password": YOUR_PASSWORD,
        "client_id": YOUR_APP_ID,
        "redirect_uri": YOUR_URL,
        "client_secret": YOUR_APP_SECRET
      }

If your app is successfully authenticated and the credentials provided are valid, the API will return the access token:

  {
    "access_token": ACCESS_TOKEN,
    "token_type": "bearer",
    "expires_in": EXPIRES_IN,
    "refresh_token": REFRESH_TOKEN,
    "ref": {
      "type": "user",
      "id": USER_ID
    }
  }

Example code

The example code below shows you how to do username authentication using the Ruby gem or PHP client.


  require 'podio'

  # Configure the client with your app's credentials.
  Podio.setup(
    :api_key    => 'YOUR_CLIENT_ID',
    :api_secret => 'YOUR_CLIENT_SECRET'
  )

  begin
    Podio.client.authenticate_with_credentials('YOUR_USERNAME', 'YOUR_PASSWORD')

    # Authentication was a success, now you can start making API calls.

  rescue Podio::PodioError => ex
    # Something went wrong
  end
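
An added example, not Podio's own code, showing one way to act on the point above about not storing the username and password: build the single token request, then keep only the validated token fields. The endpoint URL, `TokenSet`, the helper names and the sample response are assumptions made for illustration.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Placeholder (assumption): the page does not give the token endpoint URL.
TOKEN_ENDPOINT = URI('https://auth.example.invalid/oauth/token')

# Holds only what the token response returns; the password is never stored here.
TokenSet = Struct.new(:access_token, :refresh_token, :expires_at) do
  # Keep token values out of logs and exception dumps.
  def inspect
    "#<TokenSet expires_at=#{expires_at.to_i} tokens=[REDACTED]>"
  end
  alias_method :to_s, :inspect

  # True once the token is within `skew` seconds of expiry, so refresh early.
  def expired?(now = Time.now, skew = 60)
    now + skew >= expires_at
  end
end

# Build the single POST that carries the credentials (parameters as listed above).
def build_password_grant(username:, password:, client_id:, client_secret:, redirect_uri:)
  raise ArgumentError, 'token endpoint must be HTTPS' unless TOKEN_ENDPOINT.scheme == 'https'
  req = Net::HTTP::Post.new(TOKEN_ENDPOINT, 'Content-Type' => 'application/json')
  req.body = JSON.generate(
    'grant_type' => 'password', 'username' => username, 'password' => password,
    'client_id' => client_id, 'redirect_uri' => redirect_uri, 'client_secret' => client_secret
  )
  req
end

# Validate the response body and reduce it to a TokenSet.
def parse_token_response(body, now = Time.now)
  data = JSON.parse(body)
  %w[access_token refresh_token expires_in].each do |k|
    raise KeyError, "token response missing #{k}" if data[k].nil?
  end
  unless data['token_type'].to_s.casecmp?('bearer')
    raise ArgumentError, "unexpected token_type #{data['token_type'].inspect}"
  end
  TokenSet.new(data['access_token'], data['refresh_token'], now + Integer(data['expires_in']))
end

# Constructed sample response using the fields shown above (not real tokens).
SAMPLE_RESPONSE = '{"access_token":"at-123","token_type":"bearer",' \
                  '"expires_in":28800,"refresh_token":"rt-456"}'
```

Send the request with `Net::HTTP.start(TOKEN_ENDPOINT.host, TOKEN_ENDPOINT.port, use_ssl: true) { |h| h.request(req) }` and let the password variable go out of scope once `parse_token_response` returns.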