How to obtain an access token
Once you have created a developer application for the products you want to access, you first obtain an authorization code. The authorization code can then be sent with additional client data to generate an access token for future API calls.
IMPORTANT: To get an access token for GoToAssist Corporate see the GoToAssist Corporate API specification.
Obtaining an authorization code
- Choose OAuth Clients on the main menu.
- Open your client and copy the client ID value.
- Insert the client ID into the Sample URL below to replace {clientID}.
- Enter a valid redirect URI to replace {redirectUri}.
- Send the call from your browser address/search field. You are directed to the LogMeIn sign in page.
- If you are not already logged in, you will sign in with your credentials and must click Allow to authorize access for your API client.
- You are then automatically redirected to the redirect URI. The redirect URI (in the browser address bar) includes an authorization code.
NOTE: Only the scopes set in your OAuth client will be requested from your end users.
Sample URL
https://api.getgo.com/oauth/v2/authorize?client_id={clientID}&response_type=code&redirect_uri={redirectUri}
With (fake) values filled in, the call looks like:
https://api.getgo.com/oauth/v2/authorize?client_id=a2094c4f-fAk0e-4339-934f-4da2d788d0aa&response_type=code&redirect_uri=https://example.com
Allow screen sample
IMPORTANT: You may see an error on the page such as 404 NOT FOUND. This is not a problem. Look at the URL in the browser. It contains the authorization code you need for the next step. It will look something like:
https://example.com/?code=iS0vynEEvRFA9i6kZ8gvNDnnOGE...
Only a small fragment of the authorization code is shown here as it is at least 10 times larger. Retain this code for the next step.
Obtain an access token
You can now send the authorization code in exchange for an access token. Each authoization code can only be exchanged once. Any subsequent attempts will result in an error.
Request an access token using a POST call. This call can be sent through Postman, using the cURL command line, or other API clients.
cURL syntax below shows the full request. Details on creating the Authorization header and the other POST data follows the code sample.
curl -X POST "https://api.getgo.com/oauth/v2/token" \
-H "Authorization: Basic YTIwfAKeNGYtODY4YS00MzM5LTkzNGYtNGRhMmQ3ODhkMGFhOjNuYU8xMElBMmFnY3ZHKzlJOVRHRVE9PQ==" \
-H "Accept:application/json" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "redirect_uri=https://example.com&grant_type=authorization_code&code=iS0vynEEvRFA9i6kZ8gvNDnnOGE..."
The code value above is truncated for clarity in the example.
Authorization header
The Authorization header is created by base64-encoding the app's client ID and client secret. To encode these values, open an encoding site, for example, Base64Encode.org, and paste in the client ID, add a colon (:), and then paste in the client secret. No spaces, no quotes, no brackets. Submit the values and an encoded value is returned that will look something like:
YTIwfAKeNGYtODY4YS00MzM5LTkzNGYtNGRhMmQ3ODhkMGFhOjNuYU8xMElBMmFnY3ZHKzlJOVRHRVE9PQ==
Add this value to the Authorization header after the word Basic as shown in the cURL example above.
Data Parameters
| Parameter | Description | Format | Required |
|---|---|---|---|
| grant_type | authorization_code | string | Yes |
| code | authorization code | string | Yes |
| redirect_uri | location where authorization code will be sent | string | No |
Response example
IMPORTANT: The access token and refresh token values are truncated. They are large values.
{
"access_token": "eyJraWQiOiJvYXV0aHYyLmxt666...",
"token_type": "Bearer",
"refresh_token": "eyJraWQiOiJvYXV0aHYyLmxt999...",
"expires_in": 3600,
"account_key": "9999982253621659654",
"account_type": "",
"email": "mister.jones@fakemail.com",
"firstName": "Moon",
"lastName": "Beam",
"organizer_key": "8439885694023999999",
"version": "3"
}
Response data
The following is sample output.
| Parameter | Description |
|---|---|
| access_token | OAuth access token |
| token_type | The type of the access token (always "Bearer") |
| refresh_token | Refresh token identifier, valid for 30 days, or until product logout |
| organizer_key | GoTo product user organizer key |
| account_key | GoTo product account key (may be blank) |
| account_type | GoTo product type “personal” or “corporate” (may be missing or blank) |
| firstName | GoTo product user organizer first name (G2M only) |
| lastName | GoTo product user organizer last name (G2M only) |
| GoTo product user organizer email (G2M only) | |
| version | The version of the access token |
This access token can now be used to authorize API requests by setting it in the Authorization header with the following format: "Authorization: Bearer {access_token}". E.g. for the GET Me request of the Admin API:
curl -H "Accept: application/json" \
-H "Authorization: Bearer eyJraWQ..." \
"https://api.getgo.com/admin/rest/v1/me"
- How much do the LogMeIn APIs cost?
- How do I get started?
- How do I get support for the APIs?
- Can I access more than one product API?
- What are the rate limits for the APIs?
- How to login or create a developer account
- How to create an OAuth client
- How to obtain an access token
- How to obtain and use refresh tokens
- How to use Postman API collections
- GoToWebinar webhooks
- How to use GoToWebinar webhooks
- How to use GoToConnect API to fetch Account Users and Lines
- Date and time conventions
- Paging, Sorting & Filtering Output
- OAuth Migration Guide
- Direct Login Migration
- Migrating from GoToConnect to LogMeIn Authentication API
- Introduction
- Java SDK
- .NET SDK
- SDK License Agreement