Authentication
Username and password flow
The username and password flow is suitable for clients capable of asking end-users for their usernames and passwords. The advantage over HTTP Basic, is that the user credentials are used in a single request and are exchanged for an access token and refresh token. This eliminates the need to store the username and password.
Unlike the server-side flow there are no redirects to the Podio authorization page because the user provides their username and password directly. The access token is also provided immediately and there's no authorization code which must be exchanged for an access token.
To gain an access token, you make a POST request to our endpoint with your authentication parameters placed in the request body. The grant_type parameter set to password.
HTTP METHOD: POST
URL: https://api.podio.com/oauth/token/v2
HEADER: "Content-Type: application/json"
BODY:
{
"grant_type": "password",
"username": YOUR_USERNAME,
"password": YOUR_PASSWORD,
"client_id": YOUR_APP_ID,
"redirect_uri": YOUR_URL,
"client_secret": YOUR_APP_SECRET
}
If your app is successfully authenticated and the credentials provided are valid, the API will return the access token:
{
"access_token": ACCESS_TOKEN
"token_type": "bearer",
"expires_in": EXPIRES_IN,
"refresh_token": REFRESH_TOKEN,
"ref":
{
"type": "user",
"id": USER_ID
}
}
Example code
The example code below show you how to do username authentication using the Ruby gem or PHP client.
Podio.setup(
:api_key => 'YOUR_CLIENT_ID',
:api_secret => 'YOUR_CLIENT_SECRET'
)
begin
Podio.client.authenticate_with_credentials('YOUR_USERNAME', 'YOUR_PASSWORD')
# Authentication was a success, now you can start making API calls.
rescue Podio::PodioError => ex
# Something went wrong
end