Authentication

Username and password flow

The username and password flow is suitable for clients capable of asking end-users for their usernames and passwords. Its advantage over HTTP Basic is that the user credentials are used in a single request and are exchanged for an access token and refresh token. This eliminates the need to store the username and password.

Unlike the server-side flow there are no redirects to the Podio authorization page because the user provides their username and password directly. The access token is also provided immediately and there's no authorization code which must be exchanged for an access token.

To gain an access token, make a POST request to our endpoint with your authentication parameters placed in the request body and the grant_type parameter set to password.

URL
https://podio.com/oauth/token
Request body
grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD
&client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET

If your app is successfully authenticated and the credentials provided are valid, the API will return the access token:


{
  "access_token": ACCESS_TOKEN,
  "token_type": "bearer",
  "expires_in": EXPIRES_IN,
  "refresh_token": REFRESH_TOKEN,
  "ref":
  {
    "type": "user",
    "id": USER_ID
  }
}

Example code

The example code below shows you how to do username authentication using the Ruby gem or PHP client.

Podio.setup(
  :api_key    => 'YOUR_CLIENT_ID',
  :api_secret => 'YOUR_CLIENT_SECRET'
)

begin
  Podio.client.authenticate_with_credentials('YOUR_USERNAME', 'YOUR_PASSWORD')

  # Authentication was a success, now you can start making API calls.

rescue Podio::PodioError => ex
  # Something went wrong
end
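
The raw token request and response described above can also be handled with Ruby's standard library alone. The following is an added example, not code from the Podio gem or documentation; TokenSet, build_token_request and parse_token_response are hypothetical names. It shows the credentials being form-encoded into the POST body and only the returned tokens being kept.

```ruby
require 'net/http'
require 'uri'
require 'json'

TOKEN_URL = URI('https://podio.com/oauth/token') # endpoint from the page

# Tokens kept after the exchange; the username and password are not stored.
TokenSet = Struct.new(:access_token, :refresh_token, :expires_at, :user_id)

# Build the POST for the password grant. set_form_data percent-encodes each
# value, so a password containing "&" or "=" cannot add or alter parameters.
def build_token_request(username:, password:, client_id:, client_secret:, redirect_uri:)
  req = Net::HTTP::Post.new(TOKEN_URL.path)
  req.set_form_data(
    'grant_type'    => 'password',
    'username'      => username,
    'password'      => password,
    'client_id'     => client_id,
    'redirect_uri'  => redirect_uri,
    'client_secret' => client_secret
  )
  req
end

# Validate the JSON body shown on the page and turn expires_in into an
# absolute time so callers know when to use the refresh token.
def parse_token_response(body, now: Time.now)
  data = JSON.parse(body)
  unless data['token_type'].to_s.casecmp?('bearer')
    raise ArgumentError, 'unexpected token_type'
  end
  %w[access_token refresh_token expires_in].each do |key|
    raise ArgumentError, "missing #{key}" if data[key].nil?
  end
  TokenSet.new(data['access_token'], data['refresh_token'],
               now + Integer(data['expires_in']), data.dig('ref', 'id'))
end

# Sending it (requires network access and real app credentials):
#   res = Net::HTTP.start(TOKEN_URL.host, TOKEN_URL.port, use_ssl: true) { |h| h.request(req) }
#   tokens = parse_token_response(res.body) if res.is_a?(Net::HTTPSuccess)
```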