Hi @tntermini I figured this out a few weeks ago and forgot to respond with my steps. Here’s how to do it:
Set up an API with the following settings:
Authentification: Private Key in Header
Key Name: Authorization
Key Value: Basic Base64EncodedPrivate Key
Then set up these below. Since the authorization token is passed through the URL be sure to grab it when the person actually hits Accept. To get the authorization token, you’ll need to have them navigate to a url that’s structured like so:
It’s helpful to build this link in postman first and then just copy it over. Note that you’ll need to test the link in your development version using “version-test” in the URL but when you push it to live, you need to remove version test from the redirect.
Once you have the authorization token, you can exchange it for an access and refresh token using the same redirect link.
