# Connect to AppSumo

# Allowed Content Types for POST Requests

  • application/json
  • application/x-www-form-urlencoded

All responses from AppSumo are returned in JSON format:

{
    "access_token": "82b35f3d810f4cf49dd7a52d4b22a594",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "0bac2d80d75d46658b0b31d3778039bb",
    "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6"
}

# Connecting to AppSumo (OAuth)

To set up OAuth and obtain your user’s license, follow these four simple steps:

  1. Save Your OAuth Redirect URL
    Before you start, make sure your OAuth Redirect URL is correctly saved and validated in the AppSumo Partner Portal. For more details, refer to the OAuth Getting Started section.

  2. Extract the Code from the OAuth Redirect URL
    After a user accepts the OAuth consent, they will be redirected to your specified URL with a code parameter included in the query string. You will need this code to fetch the access_token in the next step.

    Important:
  • The code is single-use only and will expire after it’s used or the OAuth attempt fails.
  • A new code will be issued upon each new OAuth authorization attempt.

    Example Redirect URL:
https://your-url.com/?code=1d512d96ba99465ba9942bdf282233ea
  3. Fetch a Temporary Access Token
    Use the code you extracted along with your client_id, client_secret, and Redirect URL to make a POST request to the AppSumo token endpoint. This request will provide you with a temporary access_token and refresh_token.

    Endpoint: POST https://appsumo.com/openid/token/

    Required Data:
  • client_id and client_secret (See OAuth Getting Started)
  • Your OAuth Redirect URL (must match exactly as saved and validated in the Partner Portal)
  • The OAuth code from the previous step
  • grant_type: set to authorization_code (constant value)

    Example request: POST https://appsumo.com/openid/token/

    Example response:
{
    "access_token": "82b35f3d810f4cf49dd7a52d4b22a594",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "0bac2d80d75d46658b0b31d3778039bb",
    "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6...",
    "error": ""
}
  4. Use the Access Token to Fetch the User’s License
    To fetch a user’s license, use their access_token and send a GET request to https://appsumo.com/openid/license_key/. AppSumo will provide the user’s license data, which must be linked to the user’s new account on your site.

    Endpoint: GET https://appsumo.com/openid/license_key/?access_token=YOUR_ACCESS_TOKEN

    Example request:

    Example response:
{
  "license_key": "d8bfa201-d8c0-4bc8-a27c-b1c12efa4a5a",
  "status": "active",
  "scopes": ["read_license"]
}
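
Steps 2 to 4 as one server-side flow, written as an added example (not AppSumo's own code). The function names and the injectable `send` transport are hypothetical, and the `redirect_uri` field name is an assumption taken from standard OAuth 2.0, since the page only says the Redirect URL must be sent.

```python
import json
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

TOKEN_URL = "https://appsumo.com/openid/token/"
LICENSE_URL = "https://appsumo.com/openid/license_key/"


def http_send(req):
    """Default transport: perform the HTTPS call and decode the JSON body."""
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def extract_code(redirect_url):
    """Step 2: return the single-use code; reject a missing or repeated parameter."""
    values = parse_qs(urlparse(redirect_url).query).get("code", [])
    if len(values) != 1:
        raise ValueError("redirect must carry exactly one code parameter")
    return values[0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: form-encoded POST, so client_secret travels in the body, not the URL."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,  # assumed field name (standard OAuth 2.0)
        "grant_type": "authorization_code",
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=body, headers=headers, method="POST")


def fetch_license(redirect_url, client_id, client_secret, redirect_uri, send=http_send):
    """Steps 2-4; `send` is injectable so the flow can be exercised offline."""
    code = extract_code(redirect_url)
    token = send(build_token_request(code, client_id, client_secret, redirect_uri))
    if token.get("error") or not token.get("access_token"):
        # Do not echo the response: it may contain tokens that would land in logs.
        raise RuntimeError("token exchange failed")
    query = urlencode({"access_token": token["access_token"]})
    lic = send(Request(LICENSE_URL + "?" + query, method="GET"))
    if "license_key" not in lic:
        raise RuntimeError("license response carried no license_key")
    return lic, token.get("refresh_token")
```

Store the returned `refresh_token` server-side with the linked account; the `client_secret` and both tokens should never reach the browser or application logs.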

# Expiration and Refresh of Access Tokens

If you receive a 401 Unauthorized error when using an access_token, it likely means the token has expired. To get a new access_token, use the refresh_token and send a POST request to https://appsumo.com/openid/token/. This will return a new temporary access_token and refresh_token.

Endpoint: POST https://appsumo.com/openid/token/

Example request:

Example response:

{
    "access_token": "82b35f3d810f4cf49dd7a52d4b22a594",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "0bac2d80d75d46658b0b31d3778039bb",
    "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6"
}