Big news on the Campaign Monitor API front today. We’re very happy to announce that we’ve overhauled our API authentication to support OAuth 2. This means a much simpler experience for customers when connecting anything to their Campaign Monitor account, plus a lot more flexibility for developers. We’ve also updated all our client libraries to support it, making it as easy as possible to work with.
OAuth 2 has quickly become the de-facto way to authenticate users against an API. If you’re ever connected something to Twitter, Facebook, GitHub, etc, you’d be familiar with the simple workflow. Up until now, connecting any kind of integration with Campaign Monitor involved using an API key with Basic Authentication. Now you’ve got another great option – here’s all the documentation you’ll need to get started.
A better experience for customers
One of the biggest benefits of using OAuth 2 is a nicer experience for customers. They no longer need to mess with hunting down keys, and in many cases you don’t even need to enter a username or password. A couple of simple clicks, and your account is safely and securely connected to another service.
Using the example above, if you’re already logged into your Campaign Monitor account, you can complete the connection with a single click. If your session has expired or you’re on a different machine, we’ll quickly ask for your username and password and then you can instantly connect.
OAuth also makes it much safer for a customer using multiple integrations. If you no longer want to use an integration, you can simply revoke access for that individual app rather than having to generate a new API key and break any other integrations. Control over who can access a customer’s account is now very much in their hands, and not the third parties they are handing a key over to.
Another big plus of oAuth is that you can set granular access scope for your integrations. Consistent with our current range of permissions for users within your account, you can easily set exactly which parts of their account your integration will have read or write access to. This is a great way to transparently say exactly what your integration can and can’t do. The current permissions we support include:
- View reports – Access to basic reporting data from any campaigns you’ve sent
- View subscriber data in reports – Can access campaign reports down to the individual subscriber level
- Manage Lists – Can access all your subscriber and list data
- Import Subscribers – Can add/import subscribers into your account
- Create Campaigns – Can create draft email campaigns
- Send Campaigns – Can send campaigns to your subscribers
- Manage Templates – Can add, remove or update email templates
- Administer People – Can add, remove or modify the people under a client.
- Administer your account – Can add/edit account administrators and access billing information.
The beautiful thing about this approach is that we’ll look at the permissions anyone has in your account when they’re trying to connect something. For example, if you have a person that can only create campaigns but not send them, they won’t be able to connect an app to your account that will have the ability to send campaigns.
Libraries are updated and good to go
One thing that was very important to us was making sure it’s as easy as possible for developers to work with our API. With that in mind, we managed to update our Ruby, Python, PHP, .NET, Java and Perl libraries to fully support OAuth from day one.
We’re also very happy to announce a brand new Objective-C library for those developing for OS X and iOS. There are lots of nice surprises in that library which we’ll be sharing more about in the coming days.
See all the apps connected to your account at a glance
Another big benefit of using OAuth is that we’ll now show you every single app that currently has permission to access your Campaign Monitor account. If you head into Account Settings and click on Manage connected apps, you’ll see something like this:
This is an account-wide view of all the different external applications that have permission to access your account in one way or another. You can very easily see which clients are using that app, what permissions it has and importantly, revoke access altogether.
For developers, this section of your account also makes it easy to register your own applications with us. Here you can provide a description of your app, plus a web site and icon if one is available. Once registered we’ll give you the private details you’ll need to make an OAuth connection work.
We’ve put together some simple documentation on getting started with oAuth, and don’t forget every one of our client libraries have been updated to make using OAuth as easy as possible.
DOCS See the docs for everything you need to know on authenticating with OAuth.
Supporting OAuth is an important step in our plans with the API. As you can see from some of the screens above, we’ve got some more ideas on how we can make our API easier to work with, and also to encourage more developers to create apps for the Campaign Monitor platform. I’m looking forward to sharing more details on this soon. And of course, if you have a question about oAuth or anything API related, head over to our API Developers forum, or drop us a line.