CRM Authentication
Data2CRM.API supports a few methods of authenticating with the CRM platforms.
In some CRMs (i.e. Salesforce), Data2CRM.API supports several authentication types.
The supported authentication CRM types:
| Type | Example description |
|---|---|
oAuth-internal |
During oAuth authorization via Data2CRM.API app, you need to redirect the user to a specific service page and define where the user should be turned back. After the user confirms the authorization, the service will redirect the user to identified address and give the parameters for adding the application. In this case, the authorization parameters will be updated on the Data2CRM.API side using a refresh token parameter.
Salesforce as on example:
During the oAuth authorization via Data2CRM.API app, you need to redirect the user to Note! The role of the user influences on the sent API calls. It means that the abilities: create, view, edit, and delete records via API will be equal to the permissions granted to this very user. |
oAuth-external-refresh |
During this authorization, you need to receive the access parameters using this instruction:
After that, instance_url and access_token can be used as the access credentials for Data2CRM.API system. When the When you get the new authorization parameters, you should update them in Data2CRM.API system. Use "Update application information" methods for that. Note! The role of the user influences on the sent API calls. It means that the abilities: create, view, edit, and delete records via API will be equal to the permissions granted to this very user. |
key |
The role of the user influences on the sent API calls. It means that the abilities: create, view, edit, and delete records via API will be equal to the permissions granted to this very user. |
user |
The role of the user influences on the sent API calls. It means that the abilities: create, view, edit, and delete records via API will be equal to the permissions granted to this very user. |
To see more extended description and detailed instructions, you should do the next:
# Request
curl -X GET \
--header "Accept: application/json" \
--header "X-API2CRM-USER-KEY: " \
"https://api-2445581398133.apicast.io:443/v1/platform"
# Response
HTTP/1.1 200
[
{
"type": "Salesforce",
"name": "Salesforce",
"authorization": [
{
"type": "oAuth-internal",
"description": "During the oAuth authorization via Data2CRM.API app, you need to redirect the user to https://api.api2crm.com/authorization/oauth/Salesforce/authorize?redirect=. Here stands for the address where we should drive the user back and transfer into URL hash the authorization parameters: instance_url, access_token, refresh_token. After that, they can be used as the access credentials for Data2CRM.API system. That allows us to refresh the authorization parameters on our side by using refresh_token.
Note! The role of the user influences on the sent API calls. It means that the abilities: create, view, edit, and delete records via API will be equal to the permissions granted to this very user.",
"platform_credential": [...]
},
{
"type": "oAuth-external-refresh",
"description": "...",
"platform_credential": [...]
}
],
"resource": { ... }
},
{
"type": "Hubspot",
"name": "Hubspot",
"authorization" : [...],
"resource": { ... }
},
…
}
You can send this request via a sandbox on our interactive documentation. Try request now
Authentication example: oAuth-internal
Check out the sample of the oAuth-internal authorization type to get the access to data in the CRM on the Salesforce
# Page with a button
<button onClick="window.location.href='https://api-backend.api2crm.com/authorization/oauth/Salesforce/authorize?redirect=https://domain.com/salesforce/integration'">OAuth</button>
# After the click, you will see the Salesforce authorization forms where you need to authorize. Once you have successfully authorized, click on the “Allow” button to grant the access to Data2CRM.API, after that we will provide the access keys under the following redirect: https://domain.com/salesforce/integration#instance_url=https%3A%2F%2Feu6.salesforce.com%2F&access_token=01D580000001LOG%21AQ0AQPyOaHU5jcHui420gouViJbOdW5LGztE0aq2w4fmQ1S_zYYv9I3rDT2EWEckz39DPNJ2PLn_8Dyue019x3g.xe88jmmx&refresh_token=5Aep861D4x32iD8mDLcyA0zLu4dk63DrhtXm8yboG32AyMyeKOfIUf0jzRrb040xJJIzyGz.Snkm5tqnERnMzfdn
# Request
curl -X POST \
--header "Accept: application/json" \
--header "X-API2CRM-USER-KEY: <your_user_key>" \
-d "{
\"type\": \"Salesforce\",
\"authorization\": \"oAuth-internal\",
\"credential\": [
{
\"name\": \"instance_url\",
\"value\": \"https://eu6.salesforce.com/\"
},
{
\"name\": \"access_token\",
\"value\": \"01D580000001LOG%21AQ0AQPyOaHU5jcHui420gouViJbOdW5LGztE0aq2w4fmQ1S_zYYv9I3rDT2EWEckz39DPNJ2PLn_8Dyue019x3g.xe88jmmx\"
},
{
\"name\": \"refresh_token\",
\"value\": \"5Aep861D4x32iD8mDLcyA0zLu4dk63DrhtXm8yboG32AyMyeKOfIUf0jzRrb040xJJIzyGz.Snkm5tqnERnMzfdn\"
}
],
\"description\": \"Optional text description\"
}" \
"https://api-2445581398133.apicast.io:443/v1/application"
# Response
HTTP/1.1 201
{
"key": "<your_user_key>"
}
Authentication example: oAuth-external-refresh
Check out the sample of the oAuth-external-refresh authorization type to get the access to data in the CRM on the Salesforce
# Page with a button
<button onClick="window.location.href='https://domain.com/salesforce/integration'">OAuth</button>
# After the click
During this authorization, you need to receive the access parameters using this instruction: instance_url, access_token, refresh_token.
# Request
curl -X POST \
--header "Accept: application/json" \
--header "X-API2CRM-USER-KEY: <your_user_key>" \
-d "{
\"type\": \"Salesforce\",
\"authorization\": \"oAuth-internal\",
\"credential\": [
{
\"name\": \"instance_url\",
\"value\": \"https://eu6.salesforce.com/\"
},
{
\"name\": \"access_token\",
\"value\": \"01D580000001LOG%21AQ0AQPyOaHU5jcHui420gouViJbOdW5LGztE0aq2w4fmQ1S_zYYv9I3rDT2EWEckz39DPNJ2PLn_8Dyue019x3g.xe88jmmx\"
}
],
\"description\": \"Optional text description\"
}" \
"https://api-2445581398133.apicast.io:443/v1/application"
# Response
HTTP/1.1 201
{
"key": "<your_user_key>"
}
Authentication example: key
Check out the sample of the key authorization type to get the access to data in the CRM on Insightly
# Request
curl -X POST \
--header "Accept: application/json" \
--header "X-API2CRM-USER-KEY: <your_user_key>" \
-d "{
\"type\": \"Insightly\",
\"authorization\": \"key\",
\"credential\": [{
\"name\": \"api_key\",
\"value\": \"<insightly_crm_api_key>\"
}],
\"description\": \"Optional text description\"
}" \
"https://api-2445581398133.apicast.io:443/v1/application"
# Response (success)
HTTP/1.1 201
{
"key": "<your_user_key>"
}
Authentication example: user
Check out the sample of the user authorization type to get the access to data in the CRM on HubSpot CRM
# Request
curl -X POST \
--header "Accept: application/json" \
--header "X-API2CRM-USER-KEY: <your_user_key>" \
-d "{
\"type\": \"HubSpot\",
\"authorization\": \"user\",
\"credential\": [
{
\"name\": \"email\",
\"value\": \"<hubspot_crm_user_email>\"
},
{
\"name\": \"password\",
\"value\": \"<hubspot_crm_user_password>\"
},
{
\"name\": \"hub_id\",
\"value\": \"<hubspot_crm_hub_id>\"
}
],
\"description\": \"Optional text description\"
}" \
"https://api-2445581398133.apicast.io:443/v1/application"
# Response (success)
HTTP/1.1 201
{
"key": "<your_user_key>"
}
hub_id in HubSpot CRM. Other CRM platforms with the user authorization type do not require such a parameter.
To specify what is exactly required for defined CRM type, use the API request
[get] /platform/{crmtype}