Authentication Pseudo code walk thru??

weemo33weemo33 Posts: 7Member

Hi,

I was able to connect and retrieve customers. However, I would like some sort of a walk through as to how the Authentication process should be handle by a client. The way I did it:

  1. I have a view that initiates the connection with Lightspeed. It sends my Client ID, the scope etc etc.
  2. I get redirected to the main view which turns the Temporary Code and exchanges it for an access token. I use this same function/view to retrieve AccountID (customers accounts).


This works but somehow it retrieves 20-30 (dont remember the number) of records because I guess it needs to be paginated. My confusion is, do I have to use the same code all together everytime I jump to another page of my client?? A pseudo code would greatly help me and I am sure others on how to build a working client.



Thanks

1 comment

  • Adrian SamuelAdrian Samuel Posts: 368Moderator, Lightspeed Staff moderator
    edited March 21

    @weemo33 Great question! Before we go into depth on this, I wanted to state that you only need to access token once and then you need to use refresh token to refresh it


    As it states in the docs:

    " The refresh token is given along with the first access token that’s issued when your application is authorized on a Lightspeed Retail account. When an access token expires, you can use the refresh token to get a new access token without user interaction." https://developers.lightspeedhq.com/retail/authentication/refresh-token/

    You make a request like so and then you have your "refreshed" access token.

    $ curl -F 'refresh_token={Refresh Token}' \
    -F 'client_id={Client ID}' \
    -F 'client_secret={Client Secret}' \
    -F 'grant_type=refresh_token' \
    https://cloud.lightspeedapp.com/oauth/access_token.php
    


    In your code you only want to go through that original authentication process once.

    So you could wrap your original client authentication process in an if statement


    IF access_token does not exist then initiate access token function.

    IF access_token does exist but access_token has expired then refresh token.

    IF access_token does exist and access_token has not expired then make request


    Does this above serve an answer to your question?

Sign In or Register to comment.