MeetingBooster API
Requests
Objects
Enums

Authorization

All api requests require you to authorize using a MeetingBooster user and password. The authorization is OAuth 2.0 based.

See Authorize: OAuth for a description of the oauth request

First you do an oauth grant_type "password" request to get a new refresh and access token.

POST http://mymeetingboosterdomain/oauth HTTP/1.1
Content-Type: application/x-www-form-urlencoded
...
username=myemail@company.com&password=itisasecret&grant_type=password&app_id=Api
And you will get a JSOAuthResponse:
{
	"expires_in":"60",
	"refresh_token":"e3dd562a-dd28-45b0-af4b-88d914c52b68",
	"access_token":"lDIYQ09-t31hfQ_unQiZAWJoXWt8..."
 }
 
The access token is then used on all request to authorize the request. You can use the cookie returned from the oauth request or you can add the token to the request in a Authorization header like this:

Authorization: Bearer xxx

Where xxx is the access token.

When the access token is no longer valid the request will return a 401 status code and you can renew the access token using the oauth grant_type "refresh_token" request and specifying the refresh_token:

POST http://mymeetingboosterdomain/oauth HTTP/1.1
Content-Type: application/x-www-form-urlencoded
...
refresh_token=e3dd562a-dd28-45b0-af4b-88d914c52b68&grant_type=refresh_token&app_id=Api

To dispose of the tokens so they can no longer be used, do a oauth grant_type "signout" request:

POST http://mymeetingboosterdomain/oauth HTTP/1.1
Content-Type: application/x-www-form-urlencoded
...
refresh_token=e3dd562a-dd28-45b0-af4b-88d914c52b68&grant_type=signout

Error handling

When the oauth request fails you will get a JSOAuthError:
{
	"error":"unauthorized_client",
	"error_description":"Authorization has been denied for this request",
	"retry_in_seconds" : 10,
	"error_state" : "FAILEDLOGIN"
}

Timeout

By default the OAuth access token is valid in 20 minutes. This can be configured by the "OauthTimeout" application setting in web.config
(Note if your MeetingBooster sever is setup to https you should use https in the oauth requests)