
Podio PHP API authentication


I have a puzzle with Podio PHP API authentication. I can't get something done without the following fatal error. I do this: Podio::authenticate_with_password('aaa', 'bbb');

and I get this: PHP Fatal error: Uncaught PodioRateLimitError: "You have hit the rate limit. Please wait 300 seconds before trying again"

My system works with complex relationships divided in a lot of spaces, that's why I created a "master" account which has the role of administrator in each target space.

Each time a webhook is called, I authenticate with the "master" account (it would be a lot of work to authenticate with app because of multiple relationships in same script).

The same webhook is called multiple times, but in different context.

How can I avoid rate limit busting each time my webhook is called? I tried OAuth 2, but the Podio documentation is not helpful in my case. No attempt worked for me.

Do you have any way to keep in memory/database authentication data to be able to use it for each password authentication from multiple webhook calls?

Any help will be very appreciated!

SOLUTION

I found something interesting digging into Podio PHP API class:

This is what I did:

// Set user API key
Podio::setup('user-key', 'wejt9wetwerith34rtfhwetu34hwerud');

// Init refresh_token variable (avoid PHP warning if no refresh_token is found in database)
$refresh_token = null;

// Get refresh_token from database if exists
$refresh_token = REFRESH_TOKEN_FROM_DATABASE;

// Authenticate
try{
    // Authenticate with refresh token stored in database
    Podio::authenticate( 'refresh_token', array( 'refresh_token' => $refresh_token ) );
}

// Authentication failed, request new refresh_token
catch ( Exception $ex ) {
    Podio::authenticate_with_password( 'aaa', 'bbb' );
    
    // Get Oauth data including refresh token
    $oauth = Podio::$oauth;
    
    // Authenticate with refresh token
    Podio::authenticate( 'refresh_token', array( 'refresh_token' => $oauth->refresh_token ) );

    // Store $oauth->refresh_token in database for next webhook call...
}

Very important: use the same user API key in your script to avoid authentication rate-limit busting, because the refresh_token is linked to the user API key used to make the request.
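
One way to keep the refresh-token reuse described above working when several webhook calls arrive at once, as an added example that is not part of the original post and not podio-php's own code: an exclusive file lock lets only one process fall back to the password login, and a PodioRateLimitError is re-thrown instead of triggering another login. Assumptions: `podio_auth_cached()`, the token file path and the `PODIO_*` environment variable names are hypothetical, and a locked owner-only file stands in for the database.

```php
<?php
// Added example, not podio-php code. Hypothetical: podio_auth_cached(), the
// token file path and the PODIO_* environment variable names. $refresh($token)
// and $password() log in and return the refresh token now in effect.
function podio_auth_cached(string $tokenFile, callable $refresh, callable $password): string
{
    $fh = fopen($tokenFile, 'c+');      // create if missing, do not truncate
    if ($fh === false) {
        throw new RuntimeException("cannot open $tokenFile");
    }
    chmod($tokenFile, 0600);            // the token is a credential: owner-only
    flock($fh, LOCK_EX);                // concurrent webhook calls queue here
    try {
        $stored = trim((string) stream_get_contents($fh));
        $how = 'refresh';
        try {
            if ($stored === '') {
                throw new RuntimeException('no stored token');
            }
            $current = $refresh($stored);
        } catch (PodioRateLimitError $e) {
            throw $e;                   // do not answer a rate limit with another login
        } catch (Exception $e) {
            $current = $password();     // token missing or rejected
            $how = 'password';
        }
        if ($current !== $stored) {     // rewrite only when the token changed
            ftruncate($fh, 0);
            rewind($fh);
            fwrite($fh, $current);
        }
        return $how;                    // 'refresh' or 'password'
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Wiring with the calls from the post; skipped when podio-php is not loaded.
if (class_exists('Podio')) {
    Podio::setup(getenv('PODIO_CLIENT_ID'), getenv('PODIO_CLIENT_SECRET'));
    podio_auth_cached('/var/lib/myapp/podio.token', function (string $t): string {
        Podio::authenticate('refresh_token', array('refresh_token' => $t));
        return Podio::$oauth->refresh_token;
    }, function (): string {
        Podio::authenticate_with_password(getenv('PODIO_USER'), getenv('PODIO_PASS'));
        return Podio::$oauth->refresh_token;
    });
}
```

Reading the API key and the account password from the environment keeps them out of the script and out of version control.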

