Versions Compared

Old Version 4

changes.mady.by.user Stefano Mantegazza

Saved on

compared with

New Version 5

changes.mady.by.user Stefano Mantegazza

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Client application registration: developers need to perform this step must be done by the developer on within the MailUp Dev portal* and it is necessary in order to receive the application credential credentials (client_id and client_secret). Without those credential these credentials the application will never not be recognized by the authorization server and no access will ever be granted to it. The client credentials must be saved it won't be able to access the system. We recommend that the client credentials should be saved in a safe way (e.g. inside the application code or in a convenient manner so nor the user nor any other could change them. Is a developer responsibility to keep them secret and not to exchange them with anyone) in order to prevent any changes. The developer is in charge of keeping them secret and safe.
  2. Authorization: In this step the client application request for requests the user an authorization by sending its private credentials to the authorization server. The authorization server will authenticate authenticates the client application and redirect redirects the user to a private page. After a successful loginIf the login is successful, the user will be is asked to confirm the authorization to the application. If confirm is givenAfter the confirmation, the server will provide provide an authorization code to the client application with an authorization code.This authorization code has limited validity in time, must duration: it should not be saved and must should be immediately used to request authorization server for an access code via an authorization server.
  3. Impersonation: In this step the client application will request for requests an access token by sending to the authorization server its client credentials and authorization code to the authorization codeserver. If the provided data is validare valid, the server will return returns the access credential credentials (access_token, refresh_token and expiration timespan) to be used for resource requests. The access credential Access credentials should be saved stored for further future use.

Because access As the token has limited validityduration, it should be refreshed from time to time. This is possible by requesting the authorization server to refresh tokens providing to it the client credentials and the previously obtained refresh token. Different are the ways the client could recognize the necessity to refresh the access token so it's up to the developer how to proceed.
Basically the application should check for access token expiration time or intercept http status codes and handle them in a convenient manner.

 

*Please contact MailUp support if  if the MailUp Dev portal is not accessible.