Authentication

Agendize offers two types of authentication that you can choose depending on how you want to use the platform:

• Use authentication with SSO token and API Key if your Agendize application will manage multiple Agendize accounts.
• Use authentication with OAuth2 if your Agendize application will manage a single Account.

Your Agendize application manages multiple accounts

Agendize API uses an SSO token and API Key to allow partners to manage multiple accounts.

Overview

An Agendize Single Sign-On token is linked to a specific account. It must be used with an API Key token.

Prerequisites

To manage multiple accounts, you need to have:

1. Access to the Developers Console within the Agendize platform with at least one active account
2. Requested access to the SSO Token related to your account from our Support team

Usage

Once you have valid API and SSO tokens, you will be able to execute API requests by adding them to your API request header.

Request Header:

Important
You need to use the SSO token of a partner account to use the partner API. However, once you manage child accounts, you will need to use the child account's SSO token API.

Your Agendize application manages one account

Agendize API uses OAuth2 to allow Agendize users to authorize third party systems to access their data without sharing their actual login details.

Overview

OAuth2 is an authentication process allows your application to get a valid access token linked to a specific Agendize account. To authenticate your application, you will join the access token to your API requests (see "Usage" section for more).

How it works:
First, the final user will authorize your app that will allow you to get an access token and a refresh token. If the access token expires, you will use the refresh token to renew the access token.

Prerequisites

You need to have access to the Agendize Developer Console with at least one active Agendize account.

Usage

Once you get a valid access token, you should always add the access token to the API request header.

Request Header:

How to get a valid access token

When you register an Application in Agendize, we provide a Client ID and a Client Secret for this application.

Important
The Client ID is considered public information, however the Client Secret must be kept confidential.

Once your application has the OAuth2 authentication process implemented, you will have a valid access token that your application must join as URL parameters to all API calls. Click here to see it.

Authentication Request

You need to redirect the user to the Agendize authorization page:

Required URL parameters:

• client_id: This is the client id linked to your Agendize application. It is visible in the Agendize Developer Console.
• redirect_uri: This is the URL the user will be redirected to after authorizing your app through our interface.

Important
We will accept to redirect the user only to URLs listed in the Redirect URLs section of the Application, as found in the Developer Console.

Authorization Code

Once the user has logged in and authorized your application he is redirected to the redirect_url, with the authorization as a url parameter.

Token Request

You should now request an access token and a refresh token in exchange for the authorization code. To do so, send the request below.

Request

Required parameters

• client_id: This is the client id related to your Agendize application. It is visible through the Agendize Developer Console.
• client_secret: The client secret related to your Agendize application. It is visible through the Agendize Developer Console.
• redirect_uri: The callback URL used to get the authorization code provided in the previous step.
• code: The authorization code provided in the previous step.
• grant_type: authorization_code.

Response

The JSON formatted response is a JSON Object with the following attributes:

• access_token: token allowing for secure API requests to Agendize.
• refresh_token: token allowing to get a new access token once it is expired.
• expire_in: validity duration of the access token.
• token_type: Bearer (always)

Example

POST request to https://api.agendize.com/o/oauth2/token with Body:

client_id=ce8d8813658b94xxxxxxxx98a68da2b0&client_secret=3563974adbxxxxxxd8a829c9d7 &grant_type=authorization_code&code=e8c511bf968d31xxxxxxc008ed6f5 &redirect_uri=https:///connectedapp.com/oauth2/callback

Response:

The access token has a limited duration (24 hours) and once it expires you need to get a new one. Your application would need to request a new one from the Agendize authorization server.

Your application now has a valid access token to securely call our APIs. See how.

Renew Access token

New access token request

Request

Required parameters:

• client_id: This is the client id related to your Agendize application. It is visible through the Agendize Developer Console.
• client_secret: The client secret related to your Agendize application. It is visible through the Agendize Developer Console.
• refresh_token: The refresh token your application during the token request with authorization code.
• grant_type: refresh_token.

Response

The JSON formatted response is a JSON Object with the following attributes:

• access_token: token allowing for secure API requests to Agendize.
• refresh_token: token allowing to get a new access token once it is expired.
• expire_in: validity duration of the access token.
• token_type: Bearer (always)

Example

POST request to https://api.agendize.com/o/oauth2/token with Body:

client_id=ce8d8813658b94xxxxxxxx68da2b0&client_secret=3563974adb57dccd2xxxxxxxxx829c9d7 &grant_type=refresh_token&refresh_token=9f25cdc86eaxxxxxxxx1e594225c7bd

Response:

Your application now has a valid access token to securely call our APIs. See how.