I'm using Postman to obtain the access token as per the documentation provided by Hootsuite. The process involves sending a request to the authorize endpoint with the required parameters (client_id, response_type=code, redirect_uri and scope). Once the authentication is done, Hootsuite will send an access_token and a refresh_token.

The provided access token has an expiry time of only 60 minutes, so the token has to be refreshed frequently. As per their documentation, to refresh the token a server-to-server request should be made in which the refresh_token is sent to obtain a new access_token (to be used in regular calls such as scheduling messages) and a new refresh_token, which is used again to get a newer token, and so on.

My code to do that is as follows (comments in the code explain the steps):

```php
<?php
$api = 'https://platform.hootsuite.com/oauth2/token'; // endpoint
// parameters passed below
$data = array(
    'grant_type' => 'refresh_token',
    'refresh_token' => 'refresh_token_obtained_during_the_authorization',
    'scope' => 'offline'
);
$payload = json_encode($data); // convert parameters to JSON
// headers sent below
$header = array(
    'client_id: my_client_id_xxxxxxx',
    'client_secret: my_client_seceret_xxxxxx',
    'Content-Type: application/json',
    'Content-Length: ' . strlen($payload)
);
$ch = curl_init($api);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); // set to POST
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); // send the parameters
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // expect a response
curl_setopt($ch, CURLOPT_HTTPHEADER, $header); // send headers
$result = json_decode(curl_exec($ch)); // execute
print_r($result); // print the response
?>
```

The problem is that although I have carefully followed the documentation, I keep receiving error message 400 as follows:

stdClass Object ( [error] => invalid_request [error_description] => The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed [error_hint] => The POST body can not be empty. [status_code] => 400 )

I would appreciate it if you could help me find the mistake in the code or the process itself.

Mostafa

2 Answers

What you should do is not use client_id and client_secret as headers. Instead, you should use the basic auth headers by using curl_setopt.

```php
curl_setopt($ch, CURLOPT_USERPWD, "$my_client_id:$my_client_secret");
```

Benjamin de Bos
  • Thanks for the help, actually this also didn't work. In their [documentation](https://platform.hootsuite.com/docs/api/index.html#operation/oauth2Authorize) they mention that (client_id and client_secret) should be sent as headers base64-coded, so I have added the following as a header as per the format that they have mentioned, but it still didn't work: `'Authorization: ' . base64_encode('client_id:client_secret')`. Any idea what could be the reason? – Mostafa Feb 28 '20 at 19:22


You need to send the Authorization header as "Basic", and base64 encoded. Here's my working Python code:

```python
import base64
import logging

import requests

def refreshToken(self, client_id, client_secret, refresh_token):
    api_path = '/oauth2/token'

    # HTTP Basic credentials: base64("client_id:client_secret")
    auth_msg = client_id + ':' + client_secret
    auth_msg_bt = auth_msg.encode('ascii')
    auth = base64.b64encode(auth_msg_bt)
    auth = auth.decode('ascii')

    headers = { 'Authorization' : 'Basic ' + auth }
    data = {
        'grant_type' : 'refresh_token',
        'refresh_token' : refresh_token
    }
    try:
        # data= sends the parameters as a form-encoded POST body
        response = requests.post(self.base_url + api_path, data=data, headers=headers)
        return response.json()
    except Exception:
        # logging.exception records the active exception and traceback itself
        logging.exception('Error while refreshing token')
        return None
```
Tigzy
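The request shape the two answers describe, as an added example that is not part of the original posts: it builds the refresh request with the standard library only (nothing is sent) and applies a token response so that the replaced refresh_token is stored. The helper names `build_refresh_request` and `rotate_tokens`, the credential strings and the sample responses in the usage section are constructed for illustration; the form-encoded body follows RFC 6749 and matches what `requests` sends for `data=`.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://platform.hootsuite.com/oauth2/token"  # endpoint from the question


def build_refresh_request(client_id, client_secret, refresh_token):
    """Build (but do not send) the refresh request: Basic auth plus a form body."""
    creds = f"{client_id}:{client_secret}".encode("utf-8")
    headers = {
        # The "Basic " scheme prefix is required; bare base64 is not a valid header.
        "Authorization": "Basic " + base64.b64encode(creds).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # urlencode percent-escapes characters such as "+", "/" and "=" in the token.
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}
    ).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def rotate_tokens(store, response_text):
    """Apply a token response to `store`; leave it untouched on an error reply."""
    reply = json.loads(response_text)
    if "error" in reply or "access_token" not in reply:
        raise ValueError(reply.get("error_description", "malformed token response"))
    store["access_token"] = reply["access_token"]
    # Each refresh returns a new refresh_token, so persist it for the next cycle.
    store["refresh_token"] = reply.get("refresh_token", store["refresh_token"])
    return store


if __name__ == "__main__":
    # Constructed placeholder credentials and token, not real values.
    req = build_refresh_request("my_client_id", "my_client_secret", "old_refresh")
    print(req.get_method(), req.full_url)
    print(req.header_items())
    print(req.data)
    # Constructed sample response, not captured from Hootsuite.
    sample = '{"access_token": "new_at", "refresh_token": "new_rt", "expires_in": 3600}'
    print(rotate_tokens({"access_token": "old_at", "refresh_token": "old_refresh"}, sample))
```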