The Axosoft API uses the OAuth2 protocol for authentication and authorization. Depending on the application you are developing, you can choose from two different flows - one utilizing the Authorization Code grant type, and one using a Username/Password grant type. At the end of each flow, the client application is provided with an Access Token, which it can use to access Axosoft data on behalf of the end user. Access tokens expire after 30 days.
The authorization code grant type is best for web and native applications which can use a browser. The end user is redirected to the Axosoft website, where they can log in and authorize the client application with access to Axosoft data. The client application is then provided with an Authorization Code, which it can use to obtain an Access Token.
Learn MoreThe username/password grant type is only permitted for private client applications. The end user grants the client application access with their username and password. The client application then exchanges the credentials to obtain an Access Token. The credentials should not be stored by the application - the Access Token can be stored instead.
Learn More