Retrieve client's ID, username, and password via API

This is new to me so bare with me please. How do we use the API to retrieve a client's ID, username, and password via the API?

I can get the ID of all clients but not sure how to get it for one specific client so I can then retrieve their username and password. And I need to do this by looking it up via their email address.

And I know how to get their username if I enter the ID directly into PHP versus using PHP to include the ID of the client I wish to lookup.

And I haven't found which part of the API to use to get the password. I see how I can set it, but I wan't to retrieve their current password.

The end result is that I want to generate a URL that contains their username and password so they can bypass loging in to CM since they are already logged into my website.

If someone would like to simply do this for me for a reasonable fee versus explaining here I'd be happy to do that as well.

jamesd jamesd, 6 years ago

We deliberately don't allow you to retrieve a client's password. This is because we cannot retrieve it ourselves. We store one way hashes of both designer and client passwords, as any web application should.

If you are interested in logging in from your own site/app, we have a help topic which explains how to generate a login form to allow you to post directly to Campaign Monitor:

As far as using the API goes, all authentication is done using API keys rather than your CM username and password.

lsilver, 6 years ago

Right but using that form they still have to login to CM. Only they can login via a form on our site versus on the CM site. I need to workaround that. I thought that one way would be to include the username and password in a URL and that would automatically log them in when they click on the URL link. But of course I would need the password to do that.

Any other way? Can I use the API to set the password to something specific and then use that password in the URL?

jamesd jamesd, 6 years ago

Whatever you end up doing, you will need to issue an HTTP POST to the Campaign Monitor login form with the client's Campaign Monitor username and password to login to Campaign Monitor.

We don't (and never will) support login by passing in a username or password in the query string of an HTTP GET.

lsilver, 6 years ago

Okay, so how do you retrieve a specific client's ID by using their email address?

jamesd jamesd, 6 years ago

We don't offer a "search clients by email address" function via the API, but you can get a list of your clients, iterate through them until you find the details (e.g. the email address) you're looking for.

lsilver, 6 years ago

So our server runs PHP. We would upload the PHP wrapper to our site.

We then need to Get Clients. We could do that using the PHP wrapper and the following:

require_once '../csrest_general.php';
$wrap = new CS_REST_General('Your API Key');
$result = $wrap->get_clients();

Am I correct on the above?

We would now have the list of clients stored in the variable $result and need to iterate through them until we find the one we are looking for based upon email address. I presume we use some type of loop but I'm at a loss at this point.

Once we retrieve the user's information we can set their password using the set_access.php function. And we can then log them into CM automatically. Right?

So I think I know how to do the first and last parts. Just not sure how to lookup based upon the email address if someone would be so kind as to explain.


lsilver, 6 years ago

I wound up just storing the client ID in my CMS database record for the client. I'm able to retrieve the username and set the password so I can facilitate logon.

The only thing that remains is doing a POST of the form data. I've been trying to figure it out using cURL but so far it's not working.

I'd appreciate someone helping me out on the code to POST the login info. Thanks. Here's what I've come up with so far:


$postdata = 'username='.$username.'&password='.$password;

$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070725 Firefox/");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);

echo $result;
shovels, 6 years ago

I've been thinking about writing some functionality to a CRM style interface, but it pains me to have to get a client to log in twice. Once for our CRM and then to get into CM.

Would a suitable way around this be:

Add an option to the master account which disables the 'change password' option for all sub-accounts (This is to prevent the passwords becoming out of sync between our system and CM)

Then when a new account is created:
1. store user's details including password (using one-way encryption) in our database .
2. Create the account using API. You would have the same password stored

Then when they log into the CRM we know who they are and if they want to click through to CM we look up their details and pass using CURL or something similar.

If they want to change their password it's done via the CRM and updates CM via the API.

200,000 companies around the world can't be wrong.

From Australia to Zimbabwe, and everywhere in between, companies count on 
Campaign Monitor for email campaigns that drive real business results.

Get started for free