Setup Infusionsoft Oauth for WordPress Plugins

If you made it here, it’s because either A. you are very lost, or B. you are trying to connect your WordPress plugin to the Infusionsoft API via the Oauth method.

If it’s the latter, you are in the right place.

My name is Adrian Tobey, and I developed a plugin that you can install on your WordPress website to use it as a proxy so your users can authenticate their websites to use Infusionsoft.

It originally started as a solution for my own plugin, FormLift, to allow me to collect API stats from my users. I’ve worked out all the kinks, and it’s pretty seamless, battle-tested and ready for you to install.

Before we get started, there is code ahead, which hopefully shouldn’t be a problem for you!

This is the systematic process to make your plugins future-ready!

Step 1:

You need to install this plugin. Activate it on your website, or whichever site you want to act as your proxy.

Go to the settings found in Settings > Oauth Proxy, and enter your app’s information provided by Mashery.

Step 2:

You’ll then need to MODIFY your plugin to actually connect via the proxy. Luckily for you, I’ve included a boilerplate in the plugin folder which you may use as a template to connect to the proxy.

But, should you wish to go it alone, there are three methods you really need to be aware of to go through the connection and refresh process.


You will need to perform the initial connection to the proxy, which is quite easy.

All you need to do is send the user to your Oauth URL with the following information.

redirectUri, or essentially the return URL of the client’s site, so whatever admin page they are initially coming from.

OauthClientPass, a generated password or nonce for security purposes when finishing the activation process.

OauthConnect, just a variable to let the proxy know you want to perform an Oauth request.

Below is an example.


After the user selects the app they want to authenticate, the user will be redirected back to the redirectUri you specify above. You will then need to capture the following variables from $_GET.

access_token - Will be base64encoded
refresh_token - Will be base64encoded
expires_in - Will be base64encoded
appDomain - Will be base64encoded
OauthClientPass - Will be base64encoded

It is then your responsibility to perform the validation of the password, and store those variables as you see fit. As above, all the return variables will be base64encoded for security.
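
Added example, not the plugin's own code: one way to handle the return request in plain PHP, decoding each parameter (base64 is an encoding, not encryption, so the values are untrusted input) and checking OauthClientPass before anything is stored. The function name and sample values are constructed; treating expires_in as a whole number of seconds is an assumption.

```php
<?php
// Added example, not the plugin's code. Parameter names are from the article;
// the function name and sample values are constructed.

/** Decode and validate the callback query; returns token data or null. */
function example_parse_proxy_callback( array $query, string $expected_pass ): ?array {
    $fields  = array( 'access_token', 'refresh_token', 'expires_in', 'appDomain', 'OauthClientPass' );
    $decoded = array();
    foreach ( $fields as $field ) {
        if ( ! isset( $query[ $field ] ) || ! is_string( $query[ $field ] ) ) {
            return null; // Missing or array-valued parameter.
        }
        // Strict mode fails on characters outside the base64 alphabet.
        $value = base64_decode( $query[ $field ], true );
        if ( false === $value || '' === $value ) {
            return null;
        }
        $decoded[ $field ] = $value;
    }
    // Constant-time comparison with the password generated before the redirect.
    if ( ! hash_equals( $expected_pass, $decoded['OauthClientPass'] ) ) {
        return null;
    }
    // Assumption: expires_in is a whole number of seconds.
    if ( ! ctype_digit( $decoded['expires_in'] ) || (int) $decoded['expires_in'] < 1 ) {
        return null;
    }
    $decoded['expires_in'] = (int) $decoded['expires_in'];
    unset( $decoded['OauthClientPass'] ); // Single-use; do not store it with the tokens.
    return $decoded;
}

// Constructed sample standing in for $_GET on the return request.
$expected = 'constructed-pass-8f2c';
$sample   = array(
    'access_token'    => base64_encode( 'sample-access-token' ),
    'refresh_token'   => base64_encode( 'sample-refresh-token' ),
    'expires_in'      => base64_encode( '86400' ),
    'appDomain'       => base64_encode( 'example-app' ),
    'OauthClientPass' => base64_encode( $expected ),
);
var_dump( example_parse_proxy_callback( $sample, $expected ) ); // Decoded token data.
$sample['OauthClientPass'] = base64_encode( 'wrong-pass' );
var_dump( example_parse_proxy_callback( $sample, $expected ) ); // Rejected.
```

In a plugin, `$expected` would be the password saved before redirecting the user, and it should be discarded once a callback has been processed.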


Refresh is different as it happens without the user taking any action, and thus is an automatic process.

So we can use POST rather than encoded GET.

POST to your proxy URL with the following parameters.

// $token is the token you stored for this user.
$params = array(
    'OauthToken' => base64_encode( $token ),
    'OauthRefresh' => 'refresh_token'
);

The proxy will respond with a JSON-encoded object containing the new tokens. I recommend using json_decode( $response, true ) to get the following array.

array(
    'access_token' => 'new_access_token',
    'refresh_token' => 'new_refresh_token',
    'expires_in' => 'new_ttl'
)

You may handle that information as you choose. Essentially just update your tokens and keep on using that API!

Step 3:

Leave a review on our WordPress repository page to let us know if we helped you out at all!