Auth

Authorization

In order to access system data, user account authorization is required. All methods may be used only after authorization.

API-key authorization

The API-key management available in Personal > All settings > API page.

On Api page Administrator can create, delete and set permissons for API-keys, what methods and objects are available using current API-key.

Deleting the API-key permanently removes key and all permissions.

For API-key authentication required to include it in each request (POST & GET) in api_key parameter.

https://company.flowlu.com/api/v1/module/crm/lead/list?api_key=dDhlTUtENmp4OFBGQkN0N2hUMUNUQ0FFeGI5N2JRZ0VfMQ


Login and password authorization (OAuth access token)

Flowlu limitedly supports OAuth2 by login and password (grant_type=password).

ATTENTION! The API access by OAuth2 available only for Administrators.

Getting the Access Token

Send following POST request parameters

Parameter name Description
grant_type authorization type, shall be password
username user login
password user password
client_id identifier of your application

The response contain JSON-object. If authorization was successful response will contain access_token

Example CURL
curl https://my.flowlu.ru/auth/token \
  -d "grant_type=password&username=r@flowlu.com&password=qwerty&client_id=android_app_v1"
Example PHP
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://my.flowlu.com/auth/token');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
  'username'  => 'r@flowlu.com',
  'password'  => 'qwerty',
  'grant_type'=> 'password',
  'client_id' => 'android_app_v1'
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close ($ch);

print_r(json_decode($response, true));
Successful response example
{
  "access_token": "591ec32096b934-94823072",
  "token_type": "bearer"
}
Error response example
{
  "error": "invalid_grant",
  "error_descrption": "Неверные имя пользователя или пароль"
}
Errors description
invalid_grant Login or password is incorrect
invalid_request_ssl Unsafe request (SSL required)
invalid_request Request error (required parameters missing or incorrect grant_type parameter)

Access token using

Using access token all requests can be sent by HTTP Basic Auth method:

Example CURL
curl -u bearer:591d8a5e8431c1-13312602 https://company.flowlu.com/api/v1/module/crm/lead/list
Example PHP
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://company.flowlu.com/api/v1/module/crm/lead/list');
curl_setopt($ch, CURLOPT_USERPWD, 'bearer:591d8a5e8431c1-13312602');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);