Posted a duplicate by refreshing the page - tried deleting this so hopefully it will be gone soon. Feel free to ignore.

Greetings!  
 

To work with OAuth 2.0, follow these steps:

1. Open the System Designer via settings.  

2. Navigate to the Import and Integration block → OAuth 2.0 Integrated Applications.  

3. Create a new record.  

4. After that, copy the following credentials:  
  - Client ID  
  - Client Secret  

5. Use Postman or any other platform convenient for working with APIs.  

6. Send a POST request to get tokens:  

POST https://website-is.creatio.com/connect/token

7. In the response, you will receive:  

{
 "access_token": "<TOKEN>",
 "expires_in": 3600,
 "token_type": "Bearer",
 "scope": "<SCOPE>"
}

  You will only need the access_token.  

8. Use the token to make the following request, for example:  

GET https://website.creatio.com/0/odata/Contact
Authorization: Bearer <TOKEN>

You will successfully retrieve the data.  

For more detailed information about working with OAuth, I recommend referring to the documentation:  
https://academy.creatio.com/docs/8.x/dev/development-on-creatio-platform/integrations-and-api/authentication/oauth-2-0-authorization/identity-service-overview

Best regards, 
Orkhan

it is in the system settings. Generally it is https://[instanceName]-is.creatio.com/connect/token

For example, if my instance is autos.creatio.com, the url would be https://autos-is.creatio.com/connect/token

Thank you! That's exactly what we needed.

Hello!

You cannot decrypt the encrypted field. 
The data in the secret field is hidden because it contains confidential information for a specific system. 
You don't need the secret key from system settings to set up OAuth integration. Please follow the instructions provided to resolve the issue:
https://academy.creatio.com/docs/8.x/setup-and-administration/on-site-d…

Hello!

OAuth (Open Authorization) is a trusted, widely used standard protocol for authentication and authorization. It allows users to grant access to their resources on one website or application to a third-party application without disclosing their credentials, such as username and password. This approach enhances security and reduces the risk of credential theft. 

According to the basic logic of OAuth, the connection is created only once and only for one user. You can create another connection for the new user, however, there is no alternative way to bypass the logic as you described.

Hope the information was useful.

Hi,

Thank you for your answer. In that case, I am very curious about how you refresh the token given by the third party application. Essentially, what happens when the token expires ?

Thibault Cros,

To get a refresh_token, it will be necessary to add settings for "Auth code request URL" as it is described here: https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/#how-do-i-get-a-new-access-token--if-my-access-token-expires-or-is-revoked-

We will be glad to help with any other questions.

Hello Altaf, 

In order to enable OAuth2.0 functionality for the cloud-based instance, you need to contact our support team using support@creatio.com.

The functionality will be enabled from our side and there will be no need to populate the settings manually. 

Best regards,

Anastasiia

Hello Pratic,



Unfortunately, the is no way to set up OAuth Authentication in web service without Auth code request URL.



This parameter is necessary to identify users.



Best regards,

Bogdan