Restricted or Public API Key ??

I have developed a Wordpress Plugin that allows my client to view basic campaign info etc, but more importantly build his newsletter within wordpress admin from his existing WP content and then publish it out through the CM API. Works great so far.

I'd like to release this as a Wordpress Plugin but keep it tied to my CM account so that I might make a dollar if someone installs and uses it. The problem is that to do so I need to release my API KEY and hence anyone could start accessing my account through the API. (or am I missing something?)

Q: Is it possible to have a restricted API key, that will only work with certain Client functions and not others.

ie.
Client.GetDetail [work with restricted/ public API key]
User.GetClients [master API Key ONLY]

thanks for reading....

Brian

jamesd jamesd, 6 years ago

Hey Brian,

snapiweb :

I have developed a Wordpress Plugin that allows my client to view basic campaign info etc, but more importantly build his newsletter within wordpress admin from his existing WP content and then publish it out through the CM API. Works great so far.

Can you clarify something: When someone uses your Wordpress plugin will they always be associated with an individual client in your Campaign Monitor account, or are their campaigns always sent on behalf of the one particular client which you've created in Campaign Monitor specifically for this purpose of your plugin?

snapiweb :

I'd like to release this as a Wordpress Plugin but keep it tied to my CM account so that I might make a dollar if someone installs and uses it. The problem is that to do so I need to release my API KEY and hence anyone could start accessing my account through the API. (or am I missing something?)

If you have each person who uses your plugin set up as a client in your Campaign Monitor account, you could force them to use a client level API key so you wouldn't need to distribute your designer-level API key with your plugin. If you did this, as part of the plugin installation and configuration, you'd need to get the user to enter their client-level API key, which can be generated using the User.GetApiKey API method.

snapiweb :

Q: Is it possible to have a restricted API key, that will only work with certain Client functions and not others.

No, but it is possible to have a different API key for each of your clients. See the documentation on the User.GetApiKey API method for details.

Hope that helps. It really depends on how your plugin works... i.e. whether or not you're creating a new client and sending on that client's behalf when your Wordpress plugin is installed.

snapiweb snapiweb, 5 years ago

Thats just what I was looking for.....apologies for not spotting it. I assumed it GetApiKey returned the Clients API ID.

Will let y'all know once the plugin is set to go..

Cheers...Brian


Brian M
Snapiweb - Web Design and Email Marketing
T: + 353 (0) 21 234 1997

Join 200,000 companies around the world that use Campaign Monitor to run email marketing campaigns that deliver results for their business.

Get started for free
1-888-533-8098