Authentication Pseudo code walk thru??

weemo33weemo33 Member Posts: 9


I was able to connect and retrieve customers. However, I would like some sort of a walk through as to how the Authentication process should be handle by a client. The way I did it:

  1. I have a view that initiates the connection with Lightspeed. It sends my Client ID, the scope etc etc.
  2. I get redirected to the main view which turns the Temporary Code and exchanges it for an access token. I use this same function/view to retrieve AccountID (customers accounts).

This works but somehow it retrieves 20-30 (dont remember the number) of records because I guess it needs to be paginated. My confusion is, do I have to use the same code all together everytime I jump to another page of my client?? A pseudo code would greatly help me and I am sure others on how to build a working client.


1 comment

  • Adrian SamuelAdrian Samuel Moderator, Lightspeed Staff Posts: 654 moderator
    edited March 2019

    @weemo33 Great question! Before we go into depth on this, I wanted to state that you only need to access token once and then you need to use refresh token to refresh it

    As it states in the docs:

    " The refresh token is given along with the first access token that’s issued when your application is authorized on a Lightspeed Retail account. When an access token expires, you can use the refresh token to get a new access token without user interaction."

    You make a request like so and then you have your "refreshed" access token.

    $ curl -F 'refresh_token={Refresh Token}' \
    -F 'client_id={Client ID}' \
    -F 'client_secret={Client Secret}' \
    -F 'grant_type=refresh_token' \

    In your code you only want to go through that original authentication process once.

    So you could wrap your original client authentication process in an if statement

    IF access_token does not exist then initiate access token function.

    IF access_token does exist but access_token has expired then refresh token.

    IF access_token does exist and access_token has not expired then make request

    Does this above serve an answer to your question?

    Adrian Samuel

    Software Developer

    Lightspeed HQ

Sign In or Register to comment.