Getting started
Get an API key
Authentication
API Reference
- Actions
- Alerts
- App market
- Applications
- Batch
- Calendar
- Comments
- Contacts
- Conversations
- Devices
- Email
- Embeds
- Files
- Flows
- Forms
- Friends
- Grants
- Hooks
- Importer
- Integrations
- Items
- Layout
- Linked Accounts
- Notifications
- OAuth authorization
- Organizations
- Questions
- Ratings
- Recurrence
- Reference
- Reminders
- Search
- Space members
- Spaces
- Status
- Stream
- Subscriptions
- Tags
- Tasks
- Users
- Views
- Voting
- Widgets
Tutorials
Client Libraries
Developer Forums
Citrix Developer
Partner Extensions
Terms of Use

Podio API Documentation

OAuth authorization: Get access token

Show other operations

POST /oauth/token/v2

Gets a new access token for use when accessing the API.

Podio supports 4 ways of obtaining an access token:

password: Use the end users mail and password to access the API. This is only valid for trusted clients
authorization_code: Use the authorization code obtained from step one of the authorization (see the area for more information)
refresh_token: Use the refresh token obtained previously from one of the above methods.
app: Login as an app with the id of the app and the apps login token

This operation can return a wide variety of error codes. For details see the OAuth 2 specification.

Usage

Ruby Gem

o_auth.rb

Podio::OAuth.get_access_token( attributes )

Parameters

app_id: The id of the app to login as, if using "app" grant type
app_token: The token of the app, gotten from the app configuration, if using "app" grant type
client_id: The key of the API client
client_secret: The secret of the client. This will be generated by Podio and can be acquired in the API key area in Podio.
code: The authorization code if using "authorization_code" grant type
grant_type: The type of the grant, can be either "password", "authorization_code", "refresh_token" or "app"
password: The password of the end-user if using "password" grant type
redirect_uri: The redirect URL requested by the client if any. This has to match the domain associated with the client.
refresh_token: The refresh token acquired from an earlier create token request, if using "refresh_token" grant type
username: The mail of the end-user if using "password" grant type

Request

grant_type: The type of the grant, can be either "password", "authorization_code", "refresh_token" or "app"
client_id: The id of the client. This will be the mail of the client requesting the access token
client_secret: The secret of the client. This will be generated by Hoist and can be acquired by logging in to the Hoist API site.
code: The authorization code if using "authorization_code" grant type 
redirect_uri: The redirect URI associated with the client, if using "authorization_code" grant type
username: The mail of the end-user if using "password" grant type
password: The password of the end-user if using "password" grant type
app_id: The id of the app to login as
app_token: The token of the app, gotten from the app configuration
refresh_token: The refresh token acquired from an earlier create token request, if using "refresh_token" grant type

Response

{
  "access_token": The created access token. This is currently 128 characters long,
  "token_type": The type of token, currently always "bearer",
  "expires_in": The number of seconds until the access token expires and cannot be used anymore,
  "refresh_token": The refresh token to use when a new access token is required because the access token expires,
  "ref": The reference to the entity logged in,
  {
    "type": The type of the entity, either "user" or "app",
    "id": The id of the entity, f.ex. the user id
}
}

Sandbox

The sandbox only handles GET operations for now.

Podio API Documentation

OAuth authorization: Get access token

Operations in OAuth authorization

Sandbox