App developer platform is in beta. If you have any feedback about this feature, please submit it here.
With apps that require API access, you can allow creators to install apps that can link together external platforms to work in harmony. We control authentication here and developers have to request access on behalf of a creator to us to approve.
Once you've created your app with API access required, click the Configure button.
Configuring API Oauth Access
Fill out the form that pops up:
Authorization URL: The URL you'd like us to link to, so you can initiate the OAuth flow to the Kit API from your system. We will link to this URL with the `redirect` query parameter which will tell you where to redirect the creator back to so they can continue their session within the Kit application. All URLs have to be secure—i.e.,
https
.Redirect URIs: Add as many redirect URIs as required. All URLs have to be secure—i.e.,
https
.Secure application: If the application you are creating is hosted in an environment where you are not able to ensure the authorization keys are hidden and secure (such as in a single-page application), disable the Secure application toggle.
NOTE: To better understand OAuth, we have details within the V4 API Docs, which links out to the OAuth public docs. Another great resource for this is Okta’s playground which allows you do see the flows in action. All implementation of OAuth has been carried out against the public OAuth 2.0 RFC, so follows the structure and usage found here.
Once you're done filling the form, hit Continue.
It will configure the OAuth application and we will then return the Client ID and Secret, which need to be used with ongoing authentication:
NOTE: When completing the authorization flow for API access, using the credentials above, the developers will need to redirect back to the URL included in the `redirect` query param to ensure the creator can continue their session within the Kit application.
Editing the API access
Click the settings button to load a modal that allows editing.
The edit modal will:
Show your Client ID and secret again
Allow you to add or remove Redirect URIs
Update your Authorisation URL
Toggle the Secure application setting on or off
Pressing Save here will automatically update your application for all users. Please be careful of making changes.