Getting Started
Follow Up Boss APIs support the OAuth 2.0 protocol. Integration Partners can create an OAuth Client Application to securely obtain authorization consent and perform delegated actions on behalf of a FUB user.
Prerequisites
You will need a few items before creating an OAuth Client App.
- Registered System: FUB requires API clients to register their system for source attribution. Therefore, OAuth Client Apps are associated with Registered Systems to extend this source attribution functionality. If you don't already have a Registered System, you can create one here.
- Redirect URI(s): FUB uses the OAuth 2.0 Authorization Code Grant Flow to issue access tokens. After obtaining user consent, we create an authorization code and forward it to one of a given set of redirect URIs. These redirect URIs MUST BE publicly accessible and accept
HTTP GET
requests.
Creating an OAuth Client App
Once you've registered your system, you can then make a request to create a new OAuth Client App. Simply use the POST
method and provide your X-System
and X-System-Key
in the request header. In the request body, provide your redirectUris
(as an array). A new OAuth Client will be created for you.
curl --location --request POST 'https://api.followupboss.com/v1/oauthApps' \
--header 'x-System: <your-registed-x-system-name>' \
--header 'X-System-Key: <your-registered-x-system-key>' \
--header 'Content-Type: application/json' \
--data '{
"redirectUris": ["http://www.yoursite.com/oauth/redirect"],
}'
Example output from the request
{
"id": 12,
"name": "Test OAuth Client",
"redirectUris": [
"http://www.yoursite.com/oauth/redirect"
],
"clientId": "<REDACTED>",
"clientSecret": "<REDACTED>",
"status": 1,
"createdAt": "2025-01-27T24:59:59Z",
"updatedAt": "2025-01-27T24:59:59Z"
}
Store Credentials Securely
The
clientSecret
field, which is required to use an OAuth Client App, is only returned by the API when the application is initially created. It is not accessible in responses to other requests nor by support representatives after that point. Be sure to store it safely and securely.
Localhost Redirects Not Allowed
Because OAuth requires our systems to be able to access your redirect URI(s) as noted above, you will not be able to use localhost-based addresses for a redirect URI. If this is required for your development purposes, we recommend searching for a public-facing service that will allow for a redirect to your local machine.
Updating an OAuth Client App
Once you've created your OAuth Client, you can updated the redirectUris
when you need to by using the PUT
method with your X-System
and X-System-Key
in the request header. The same rules for not allowing localhost
as a redirect apply as well.
curl --location --request PUT 'https://api.followupboss.com/v1/oauthApps' \
--header 'x-system: <your-registed-x-system-name>' \
--header 'X-System-Key: <your-registered-x-system-key>' \
--header 'Content-Type: application/json' \
--data '{
"redirectUris": ["https://www.reddit.com", "https://www.google.com"]
}'
Example output from the request
{
"clientId": "efa7d5c9e49ea983046f0768562ef849bea2298f176a564462c5849c04ace35f",
"redirectUris": [
"https://www.reddit.com",
"https://www.google.com"
]
}
Updated 11 days ago
Your OAuth Client App is ready. Let's figure out how to get users authenticated