For an external application to access or update Wild Apricot account information – via Wild Apricot's API – it must first be authorized within Wild Apricot. During authorization, the application will be assigned a unique API key. If the application provides account access to individual users (via a mobile app, for example), the application can be assigned a client ID and a client secret as well. Applications can use the application API key or client credentials for authentication when accessing the API.
Authorizing an application
To authorize external applications to access your Wild Apricot account, follow these steps:
- Hover over the Settings menu and select the Security option. Within the Security settings screen, select the Authorized applications option.
To authorize an application, you must access your Wild Apricot account in secure mode – using https rather than http. If you select this option in insecure mode, you will be prompted to switch to secure mode.
- On the Authorized applications screen, click the Authorize application button.
- Choose from the following application types then click Continue:
A server-side application that requires data from your Wild Apricot account.
A client application that requires authorization of individual Wild Apricot users (e.g. a mobile app).
A WordPress site you want to integrate with your Wild Apricot site. For more information, see Integrating with WordPress.
- On the Application details screen, the following options and information are available:
The name used to identify this application within the list of authorized applications.
The API key for this application. You can use this value to authenticate the application when accessing Wild Apricot's API. If there is no API key displayed, click the Generate API key button. To delete an API key, click the red X beside the key.
You can control whether the application has read-only access, full access, or just access to functions required by WordPress. If you choose the read-only option – and authenticate your application using the API key – then the application can only access functional areas (called scopes) that do not update data.
Application credentials for user authorization
The client ID and client secret for this application. You will need this value if the application requests authentication using Wild Apricot user credentials. If there is no Client secret value displayed, click the Generate client secret button. To delete the client secret, click the red X beside the value.
Authorize users via Wild Apricot single sign-on service
Check this option if you want Wild Apricot users to sign into the application and their Wild Apricot account from a single sign-on screen. If you disable this option, the application can still access data in your Wild Apricot account, but users will not be logged in their Wild Apricot accounts within their browser.
If you enable the single sign-on service, you can specify the organization name displayed at the top of the single sign-on screen.
If you enable the single sign-on service, you can specify the description that appears below the organization name on the single sign-on screen.
Allow login via social networks
If you enable the single sign-on service, you can allow users to log in using their Facebook or Google+ credentials . If you enable this option, then Log in with Facebook and Log in with Google+ buttons will appear on the single sign-on screen.
Trusted redirect domains
For WordPress integration, enter the full URL of your WordPress site (e.g. http://aaot.wordpress.com). For other single sign-on scenarios, enter the URL to which the user will be redirected after login.
- Once you have completed entering or copying the required information, click the Save button to save your changes. The application should now appear within the list of authorized applications.
Deauthorizing an application
Once an application has been authorized, you can deauthorize it by clicking the Deauthorize button below the application within the authorized applications list.