Logging In the Authentication Server

Notice on upcoming changes for Construct tokens

To enhance technology, security, and PCI compliance we are modifying the token expiration times for Construct authentication tokens. These changes will take effect from May 31st, 2024. The new expiration times are as follows:

• Access tokens: 15 minutes
• Refresh tokens: 8 hours

To avoid service disruptions, you must update your applications to adapt to these new expiration times before May 31, 2024.

If you have additional questions, please contact customer support at support@accela.com

---

Accela API authentication uses the OAuth 2.0 standard and offers multiple login flows to suit different app implementation scenarios.

The login flow generates an access token, which you can use to make API calls on behalf of a user. Accela client SDK handles access token generation, persistence, signing of API calls automatically. Server-side login flow can be used in cases where use of client side SDK is not appropriate or you want to develop an app in a language where SDK is not yet available.

To get started, first log in to Accela Developer Portal and create an agency or citizen app. Enter “Authorized Redirect URIs” to limit the redirect URIs. It will prevent the access token that is appended to the redirect URI from sending to other URIs. Once an app is created, note down the app ID and app secret values. Then you can use the authorization code flow and implicit flow defined by OAuth2 to get access tokens. After getting the access tokens, you can invoke APIs using the access tokens.

Topics

• Authorization Code Flow

• Implicit Flow

• Password Credential Login