Browse topics, discover Works With Legrand community!

No user interface


I have to make an application collecting data from sensors using elliot API. This application is user interface less. It will be continuously running and read out data from the API.


So, using the postman tutorial in Step 3 I got to create the /authorize GET request and copy/paste it in a browser, it displays a connection page, I put my developer credentials and get a code. Then I use this code to get the token.


What is the lifetime of this code? Can I use it forever to get next token.

If I make a user interface less application, just collecting the data, is it enough for me to get one time a code and use it each time I need to recreate a token?

Is it still valid after 90 days of inactivity?


Many thanks


The authorization code is valid only for 10 minutes maximum and is used to retrieve an access_token (valid 1 hour). So, if you apply the token flow from the Step 4 of the tutorial, you don't need anymore to generate authorization codes

Here is more explanation :

When you do a POST request with your authorization code you retrieve an access_token (valid 1 hour) and a refresh_token (valid 7776000 seconds, so 90 days). Your access_token has to be refreshed each hour with the refresh_token code in order to be valid.
But each time you make your POST request, your access_token changes AND your refresh_token changes too. So each hour you retrieve a new refresh_token with a 90 days lifetime.
If you use the first refresh_token you retrieved from your very first request and never update it, every 90 days you will have to renew this Oauth2 authentication process.
So you have to use the new generated refresh_token code if you want your grant access to be valid forever (in fact, each hour you get a new access right for 90 days).


Hoping it's more clear for you,

Have a good day,

Leslie - Community Manager


OK sounds clear.

So the /authorize request gives a code valid for 10 minutes to make a first request to /token. If the request is not made in the ten minutes the code is no more valid and so the token cannot be created.

There is no way to have the full process from /authorize to /token done completely via API without any user interaction?




This token process can be automated in the code of your application to automatically generate access and refresh tokens

I can't help you with pure development questions, but you may find more information about the way to implement it on the 0auth2 official website or on different forums

Have a good day,

Leslie - Community Manager

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.


message3 replies
people2 participants