Accessing the Hootsuite REST API

This guide describes how to get an access token to call external APIs from an App Directory application on behalf of a member who has installed the application.

Once you have an access token on behalf of a member, you can make external API calls as documented in Media Upload and Scheduling with External Publishing API.

  1. Request a token on behalf of a member
  2. Troubleshooting

Request a token on behalf of a member

Using the token endpoint with the member_app grant type, you can get access tokens to make API calls on behalf of a member who has installed your application.
The request only succeeds if the member has installed the App Directory application linked to your API client ID.

curl -X POST \
  https://platform.hootsuite.com/oauth2/token \
  -H 'Authorization: Basic bDd4eDY2ODZhZmJhY2NlNDQ4YTBiODY1MmRjYzVjZjlkYTM0OjU4NTVlMmMxOGUzMzQ4YjA5ZmM4NzQ2MGM5OTFjNzEz' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=member_app&member_id=[member_id]'

{
    "access_token": "A95a3BznNGsL1AIss-8PfX62tsLliz1_yQ2tWW7fpq8.2TuqhGnbRWHTlNGAtdKB4iA8RZZrfZAp7y81xN-Mw3I",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer"
}

Breakdown of the response

access_token: The token that can be used to make API calls as the member corresponding to the member_id used in the request.

expires_in: The lifetime of the token in seconds (3599 is just under an hour).

scope: The valid scopes of the token.

token_type: The type of your token. It should always be Bearer.

Troubleshooting

  • When a member uninstalls an App Directory app, any access token granted to that app on behalf of that member will be revoked. In this case, API calls will fail with this error:
{
  "error": "request_forbidden",
  "error_description": "A validator returned an error: The request could not be authorized"
}
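The token request, response fields and revocation error described above, handled in code. This is an added example, not Hootsuite's own client: it builds the request without sending it, schedules a refresh ahead of expires_in, and recognises the request_forbidden body. The function names, the 60-second skew and the sample values in the comments are assumptions; in practice the client secret would come from a secret store, not from source code.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://platform.hootsuite.com/oauth2/token"  # endpoint from the page


def build_token_request(client_id, client_secret, member_id):
    """Build (not send) the member_app token request shown in the curl call."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "member_app", "member_id": member_id}
    ).encode()
    return urllib.request.Request(
        TOKEN_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw, now=None, skew=60):
    """Return (token, refresh_at); refresh_at is `skew` seconds before expiry."""
    data = json.loads(raw)
    if "error" in data:
        # Surface the error code only; never log the token or the Basic header.
        raise PermissionError(f"{data['error']}: {data.get('error_description', '')}")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return data["access_token"], now + int(data["expires_in"]) - skew


def is_request_forbidden(raw):
    """True for the request_forbidden body seen after a member uninstalls the app.

    A caller would drop the cached token for that member and stop retrying.
    """
    try:
        return json.loads(raw).get("error") == "request_forbidden"
    except (ValueError, AttributeError):
        return False
```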