Hi @Paulo, thanks for coming back.
It does look like the signup for a demo is needed for the docs access. But the docs are publicly available - https://api.vincere.io/#overview
I did spend quite a lot time on it, and my issue with retool (great too, btw!) was the feedback it was giving about acquiring the token. The debug panel suggests the authorizaiton_code flow gets tokens properly, but they are not stored and there's just a little info missing on why that happens.
Anyhow, I realised the normal OAuth2 authorization would not work in my case anyway - Vincere requires using id_token (instead of access_token) when making API and just on the weekend, I tried using Custom Auth (thanks for pointing that out, too). This works like a charm! In fact, as I was trying to get that OAuth2 working, I tried few other low-code providers too, and it looks like only Retool give such auth flexibility.
For anyone using Vincere, here's the configuration that works for me:
- In the credentials view:
- make sure you use the domain assigned to your account
- you'll be provided by Vincere with api_key to use in the
X-Api-Keyheader - they require requests to contain short-lived
Id-Token, which we'll need to be refreshing from time to time
- In the auth workflow view:
- make sure to use assigned
client_id - client secret doesn't matter
- we export:
ID_TOKENto be used in the requestsId-Tokenheader andREFRESH_TOKENto be used in the reauth workflow - this token is valid for up to 10 years, according to the docs
- In the refresh auth workflow, we use:
- same assigned
client_idas in the auth workflow - we enforce refresh flow to be kicked off every 50 minutes (3000 secs), as the lifetime of the tokens expire in 60 minutes
- we use
REFRESH_TOKENexported in the auth workflow to be set to therefresh_tokenURL parameter - this workflow will retrieve a new
id_tokenwhich we overwriteID_TOKENenvironment variable with, so that following API requests are using that new value
Thanks guys!