Authorization Flows

The API clients you create in HotDocs Advance each have an authorization flow which determines how the client retrieves an access token for making a request to the Advance API. You select the authorization flow when creating a new API client.

Overview

The HotDocs Advance API supports the following authorization flows:

  • ResourceOwner – the client gets tokens by impersonating a service account
  • Implicit – the client gets a token as part of a sign-in process for a real user, without needing a secret; recommended for single-page applications

You select the type of authorization flow the client will use when creating a new API client.

Common Tasks

Workflow

You need to select an authorization flow when creating or editing an API client. The authorization flow selected for a client will determine the authorization process when retrieving an access token with that client.

Resource Owner Flow and Service Principal Accounts

Clients using the resource owner flow require an associated service principal account. The service principal account is a type of user account in Advance that acts on behalf of the client. You will need to add a service principal after you create a client that uses the resource owner flow.