Application OAuth Token Generation
These are instructions for integrating your app with the Active911 Developer API.
Registration
The first step for 3rd party developers is to register your application.
The following information is required to add your client application to our system.
Application Name
Main Point of Contact
Name
Email
Photo ID
Phone Number
Company
Proof of Business Documentation (Business License or other Official Documentation)
Redirect URI - A redirection endpoint which will accept the authorization code generated by our system. This should be the full url of a your endpoint, but we will also accept the base domain name under which your endpoint lives.
Note: The Redirect URI is mandatory for web-based applications. If you are developing a native application, this is not necessarily required, though we do still recommend that you set this to your domain name so that you can identify the authorization code redirect in your native application.
If no Redirect URI is specified, we will set this to "http://localhost".
You may submit this via email to support@active911.com with the subject line of "Open API Developer Registration"
Once processed, you will receive in return a client_id, a derivative of your Application Name, and client_secret which will be used in requests to our authorization server.
Authorization Code
3rd party applications must use the Authorization Code workflow, starting with a request to https://access.active911.com/interface/open_api/authorize_agency.php by using a GET request. This workflow requires you to be logged in to the Active911 website and to have edit_agency permission on the agency you want to generate the auth code for.
Parameter | Required | Description |
client_id | yes | The client_id given to your application when you registered it with us |
response_type | yes | Currently we only support the Authorization Code workflow, so this must be set to "code" |
redirect_uri | yes | The url you want the user to be redirected to after they authorize your request |
scope | yes | The permissions you are requesting access for. This is a space delimited list of one or more of these scopes. The scopes you can request are limited to the ones the application is registered for. |
state | no | You may set this to a particular value, and that value will be resent upon redirection after authorization |
Upon authorization by the user, this will redirect to the redirection uri specified with the authorization code included as a query parameter: <REDIRECTION URI>/?code=<your new authorization code>
Access/Refresh Token Generation
You may exchange the authorization code for an access token and refresh token at https://access.active911.com/interface/open_api/token.php by using a POST request
Parameter | Required | Description |
client_id | yes | The client_id given to your application when you registered it with us |
client_secret | yes | The client_secret given to your application when you registered it with us |
grant_type | yes | For initial token generation, this must be set to "authorization_code" |
scope | yes | The permissions you are requesting access for. |
code | yes | The Authorization code you generated. |
This will return a JSON object with:
{
"access_token": "<The access token used to access the api>",
"token_type": "Bearer",
"expires_in": "<Seconds until the access token expires>" ,
"refresh_token": "<The refresh token used to get a new access token when this one expires>",
"scope": "<The scope of permissions granted to this token. May be less than the scope requested>"
}
The access token can then be used to access our API. It has a lifetime of 1 day before it expires.
The refresh token can be used to generate new access tokens after the current access token has expired. It has a lifetime of 1 year before it expires.
Refresh Token
You may use a refresh token to generate a new access token at https://access.active911.com/interface/open_api/token.php by using a POST request
Parameter | Required | Description |
client_id | yes | The client_id given to your application when you registered it with us |
client_secret | yes | The client_secret given to your application when you registered it with us |
grant_type | yes | For refreshing your token, this must be set to "refresh_token" |
refresh_token | yes | The Refresh token given when you submitted your authorization code. |
This will return a JSON object with:
{
"access_token": "<The access token used to access the api>",
"token_type": "Bearer",
"expires_in": "<Seconds until the access token expires>" ,
"scope": "<The scope of permissions granted to this token. May be less than the scope initially requested>"
}