Getting Started

Follow Up Boss APIs support the OAuth 2.0 protocol. Integration Partners can create an OAuth Client Application to securely obtain authorization consent and perform delegated actions on behalf of a FUB user.

Prerequisites

You will need a few items before creating an OAuth Client App.

  1. Registered System: FUB requires API clients to register their system for source attribution. Therefore, OAuth Client Apps are associated with Registered Systems to extend this source attribution functionality. If you don't already have a Registered System, you can create one here.
  2. Redirect URI(s): FUB uses the OAuth 2.0 Authorization Code Grant Flow to issue access tokens. After obtaining user consent, we create an authorization code and forward it to one of a given set of redirect URIs. These redirect URIs MUST BE publicly accessible and accept HTTP GET requests.

Creating an OAuth Client App

Once you've registered your system, you can then make a request to create a new OAuth Client App. Simply use the POST method and provide your X-System and X-System-Key in the request header. In the request body, provide your redirectUris(as an array). A new OAuth Client will be created for you.

curl --location --request POST 'https://api.followupboss.com/v1/oauthApps' \
--header 'x-System: <your-registed-x-system-name>' \
--header 'X-System-Key: <your-registered-x-system-key>' \
--header 'Content-Type: application/json' \
--data '{
    "redirectUris": ["http://www.yoursite.com/oauth/redirect"],
}'

Example output from the request

{
    "id": 12,
    "name": "Test OAuth Client",
    "redirectUris": [
        "http://www.yoursite.com/oauth/redirect"
    ],
    "clientId": "<REDACTED>",
    "clientSecret": "<REDACTED>",
    "status": 1,
    "createdAt": "2025-01-27T24:59:59Z",
    "updatedAt": "2025-01-27T24:59:59Z"
}

❗️

Store Credentials Securely

The clientSecret field, which is required to use an OAuth Client App, is only returned by the API when the application is initially created. It is not accessible in responses to other requests nor by support representatives after that point. Be sure to store it safely and securely.

❗️

Localhost Redirects Not Allowed

Because OAuth requires our systems to be able to access your redirect URI(s) as noted above, you will not be able to use localhost-based addresses for a redirect URI. If this is required for your development purposes, we recommend searching for a public-facing service that will allow for a redirect to your local machine.


Updating an OAuth Client App

Once you've created your OAuth Client, you can updated the redirectUris when you need to by using the PUT method with your X-System and X-System-Key in the request header. The same rules for not allowing localhost as a redirect apply as well.

curl --location --request PUT 'https://api.followupboss.com/v1/oauthApps' \
--header 'x-system: <your-registed-x-system-name>' \
--header 'X-System-Key: <your-registered-x-system-key>' \
--header 'Content-Type: application/json' \
--data '{
    "redirectUris": ["https://www.reddit.com", "https://www.google.com"]
}'

Example output from the request

{
    "clientId": "efa7d5c9e49ea983046f0768562ef849bea2298f176a564462c5849c04ace35f",
    "redirectUris": [
        "https://www.reddit.com",
        "https://www.google.com"
    ]
}

What’s Next

Your OAuth Client App is ready. Let's figure out how to get users authenticated