Authorization Flows
The API clients you create in HotDocs Advance each have an authorization flow that determines how the client retrieves an access token for making a request to the Advance API. The authorization flow is selected when creating a new API client.
Overview
The HotDocs Advance API supports the following authorization flows:
- Hybrid – the client gets a token as part of a sign-in process for a real user
- ResourceOwner – the client gets tokens by impersonating a service account
- Implicit – the client gets a token as part of a sign-in process for a real user, without needing a secret; recommended for single-page applications
You select the type of authorization flow the client will use when creating a new API client.
Common Tasks
- Creating a new API client
- Editing an API client
- Adding a Service Principal to a Client – for the Resource Owner flow only
- Get an access token using the Resource Owner flow
- Get an access token using the Implicit flow
Workflow
You need to select an authorization flow when creating or editing an API client. The authorization flow selected for a client will determine the authorization process when retrieving an access token with that client.
Resource Owner Flow and Service Principal Accounts
Clients using the resource owner flow require an associated service principal account. The service principal account is a type of user account in Advance that acts on behalf of the client. You will need to add a service principal after you create a client that uses the resource owner flow.