ConvertKit

App developer access is in a closed beta and only developers who receive an invite can join the beta. <a href="https://convertkit.typeform.com/to/ArGvqG5c" rel="nofollow noopener noreferrer" target="_blank">Join the waitlist here.</a>

With apps that require API access, you can allow creators to install apps that can link together external platforms to work in harmony. We control authentication here and developers have to request access on behalf of a creator to us to approve.

Once you've <a href="https://help.convertkit.com/en/articles/9427685-building-an-app-for-convertkit" rel="nofollow noopener noreferrer" target="_blank">created your app</a> with API access required, click the Configure button.

Authorization URL: The URL you'd like us to link to, so you can initiate the OAuth flow to the ConvertKit API from your system. We will link to this URL with the `redirect` query parameter which will tell you where to redirect the creator back to so they can continue their session within the Kit application. All URLs have to be secure—i.e., <code>https</code>.

Redirect URIs: Add as many redirect URIs as required. All URLs have to be secure—i.e., <code>https</code>.

Secure application: If the application you are creating is hosted in an environment where you are not able to ensure the authorization keys are hidden and secure (such as in a single-page application), disable the Secure application toggle.

- Authorization URL: The URL you'd like us to link to, so you can initiate the OAuth flow to the ConvertKit API from your system. We will link to this URL with the `redirect` query parameter which will tell you where to redirect the creator back to so they can continue their session within the Kit application. All URLs have to be secure—i.e., <code>https</code>.
- Redirect URIs: Add as many redirect URIs as required. All URLs have to be secure—i.e., <code>https</code>.
- Secure application: If the application you are creating is hosted in an environment where you are not able to ensure the authorization keys are hidden and secure (such as in a single-page application), disable the Secure application toggle.

NOTE: To better understand OAuth, we have details within the <a href="https://developers.convertkit.com/v4.html#authentication-authorization" rel="nofollow noopener noreferrer" target="_blank">V4 API Docs</a>, which links out to the OAuth public docs. Another great resource for this is <a href="https://www.oauth.com/playground/" rel="nofollow noopener noreferrer" target="_blank">Okta’s playground</a> which allows you do see the flows in action. All implementation of OAuth has been carried out against the public OAuth 2.0 RFC, so follows the structure and usage found <a href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.1" rel="nofollow noopener noreferrer" target="_blank">here</a>.

Once you're done filling the form, hit Continue.

It will configure the OAuth application and we will then return the Client ID and Secret, which need to be used with ongoing authentication:

NOTE: When completing the authorization flow for API access, using the credentials above, the developers will need to redirect back to the URL included in the `redirect` query param to ensure the creator can continue their session within the Kit application.

Click the settings button to load a modal that allows editing.

Toggle the Secure application setting on or off

- Show your Client ID and secret again
- Allow you to add or remove Redirect URIs
- Update your Authorisation URL
- Toggle the Secure application setting on or off

Pressing Save here will automatically update your application for all users. Please be careful of making changes.

<a href="https://help.convertkit.com/en/articles/9427685-building-an-app-for-convertkit" rel="nofollow noopener noreferrer" target="_blank">Building an App for ConvertKit</a>

Configuring API Oauth Access

Editing the API access