AWeber requires that all integrations use the OAuth 2 specification in order to connect to AWeber customer accounts. Our workflow, documented here, requires the AWeber customer to sign in to their account using a browser. This is an important step because it shows AWeber that they have given you permission to connect to their account with whatever scopes you requested. As such, the use of a browser is required for authorization.
After the user signs in, the browser is redirected to a URI that you specify. This could be another page on your website, a mobile app intent, etc. But what happens if you don’t have a redirect URI? Some integrations such as WordPress plugins, might be installed on many domains. Others are not browser based at all such as command line or server side applications.
In these cases it can be hard to decide what to redirect the AWeber customer to. For these situations, AWeber provides an “out of band” redirect URI. Out of band communication means anything happening outside the primary communication channel, in this case the web browser.
Creating an Out of Band App
To get started, you will need to set up your app in your developer account to use the out of band flow. This is pretty easy, you just need to set your redirect URI to a special value. It doesn’t matter if you’re using public or confidential apps, this will work with both!
When creating a new app in your developer account, simply put urn:ietf:wg:oauth:2.0:oob as your redirect URI. This is a value AWeber uses to tell that your integration is using the out of band flow.
Completing the OAuth 2 Flow
Continue as normal after getting your client ID (and secret, if using a confidential flow). Create an authorization URL with your client ID and required scopes as specified in our documentation. Send that to your new user (the AWeber customer). If your integration isn’t browser based you could pop up a message asking them to copy and paste the link into a browser or you could have your application automatically open it. A browser is required here, but only for the initial authorization.
The AWeber customer will sign in with their login credentials as normal, but rather than being sent to a redirect URI, they’ll see another AWeber page with the authorization code and directions to copy and paste the code into your integration.
All you need to do is provide a place for the customer to paste that code, then you can use it to complete the OAuth 2 flow and trade for access and refresh tokens following the rest of the documentation. Refreshing the token works as normal, you do not need to use the browser or do anything special to refresh!
Having trouble? Send us an email at firstname.lastname@example.org and we’ll be happy to help you troubleshoot.