Third party applications built in Fillout can be used to allow you or your users to access their Fillout responses. To connect Fillout to your app, you’ll first start by creating an OAuth application in Fillout, which can later be submit for approval to be listed publicly for Fillout users.

Creating an OAuth app

First, head to your account settings, and click on Developer settings, and select OAuth integrations
Enter a name for your application (this is what users will see when they connect to your app), and click Create app.

Configure your application

You’ll want to select an icon for your app (users will see this when they first connect), and also set up some basic properties:
  • Redirect URI: these are the endpoints you’d like to get sent to during the OAuth token exchange process to receive the token (more info below)
  • Client secret: you should generate a client secret to get started. Make sure to save this token, it will only be shown once.
  • Client id: this is the public ID of your application.

OAuth process

Authorization request

GET https://build.fillout.com/authorize/oauth To initiate the OAuth process, you’ll start by sending users to the above endpoint, with the following query parameters:
  • client_id: the client ID of your app, which you can find while configuring it (see above)
  • redirect_uri: the URL you expect to be redirected to, once access is granted for the token
  • state: any string you’d like to use to retain state when redirecting back to your app
After authorization, the user’s browser will be redirected back to the redirect URI passed. Successful requests will forward the following query parameters to that URI:
  • code: a unique oauth authorization code you can use to exchange for an access token
  • state: the state parameter you passed in initially

Token creation request

POST https://server.fillout.com/public/oauth/accessToken Call this endpoint once you’ve successfully been redirected to after the authorization request. Pass, in the body of the request:
  • code: the code you received in the previous step
  • client_id: your client id for your app
  • client_secret: the client secret you generated for your app
  • redirect_uri: the redirect uri you originally received to generate this code.
A successful response will look like: 
{
	"access_token": "abcdefg",
	"base_url": "https://api.fillout.com",
}
The access_token will grant access to the Fillout API The base_url is the base URL for the api. Usually, this will be https://api.fillout.com, but may vary if you are in different geo-locations, or are self-hosting.

Invalidate access token

DELETE https://server.fillout.com/public/oauth/invalidate To authenticate this request, pass the following headers: 
{
	"Authentication": "Bearer <your-api-key>"
}