Currently we are not validating that the authorized application we are entering is indeed a valid "full" server application. When authorizing the ID, client ID and client Secret we should do a simple API call to validate that the type of application we have is indeed a server application.
We can do this simply by calling the endpoint we know we will need to load contactfields
/accounts/:accountId/contactfields
that will generate a 403 if we don't have the right application setup. If we get a 403 show an error that says
"You have setup an incorrect authorized application type. Please make sure your authorized is setup as a 'Server application' with full read/write privileges. If you setup a WordPress application, please delete it and create a 'Server application' with full read/write privileges instead.'
If 403 is reached with the API call, log this to the error log with ERROR condition
Currently we are not validating that the authorized application we are entering is indeed a valid "full" server application. When authorizing the ID, client ID and client Secret we should do a simple API call to validate that the type of application we have is indeed a server application.
We can do this simply by calling the endpoint we know we will need to load contactfields
/accounts/:accountId/contactfields
that will generate a 403 if we don't have the right application setup. If we get a 403 show an error that says
"You have setup an incorrect authorized application type. Please make sure your authorized is setup as a 'Server application' with full read/write privileges. If you setup a WordPress application, please delete it and create a 'Server application' with full read/write privileges instead.'
If 403 is reached with the API call, log this to the error log with ERROR condition