- OAuth
- No authentication
Though keys offer a quick method of testing the API before finalising your app, some endpoints - such as the Create purchase or Bulk... endpoints - require OAuth authentication, so will not be able to be tested this way. Specific authentication requirements can be found for each endpoint in the API documentation.
Full app authentication flow
The authentication flow varies based on whether your app offers API access, plugin access or both. To learn about these flows in depth, visit the API authentication and plugin authentication pages, which will help guide you through the requirements and share examples to help you get up and running. The below diagram and step-by-step outline will describe the full flow when you have both API and plugin access configured for your app. If you are looking to build an app with just API or plugin access, visit the specific API authentication and plugin authentication pages.
1
Creator installs your app
Authentication begins with the creator installing your app from the Kit App Store or your app’s details page. They can click the “Install” button on either page.


Kit App Store

Example app details page

If you want to start this flow from your site as well, utilize our install URL, https://app.kit.com/apps/:app_id/install, appended with k_app_id=k_:app_id (which allows us to attribute sign-ups to your particular app). To find your app ID, click the “Preview” button for the app on the Build tab of the Kit App Store and the ID will be found in the URL path app.kit.com/apps/:app_id.
For example, for the GIPHY app, you would send your users to https://app.kit.com/apps/717/install?k_app_id=k_717
2
Redirect to plugin authorization flow
The creator is then sent to your service’s OAuth flow, where the creator grants Kit access to your platform in order to retrieve the data needed for your plugin(s). Here, Kit will use the OAuth endpoints served by your authentication server to request access tokens that will be used to authenticate all future requests to your platform.

Example 3rd party hosted OAuth page

3
API authentication
Once plugin access is completed, API authentication begins, with Kit kicking off the flow by making a GET request to the authorization URL you have set up for your app.
Once the creator gives authorization for your service to access the Kit API on your behalf, your app will request an access and refresh token that will be used for all future app calls to the API.

It is important that at this stage you store the redirect property that is appended to the GET request, as this will be the URL your app will need to redirect to once the OAuth flow is completed.

Example 3rd party hosted OAuth page

4
Redirect the user to complete the installation
Once API authentication is completed, redirect the user back to the redirect URL provided as a query parameter in the initial authorization request. This will ensure the installation flow is tracked and completed properly. This property currently sends users back to your app’s details page, which will help guide them through using and getting the most out of the app they have just added to their creator kit.
If you have set up the Redirect URL after install field in your app’s settings, a modal prompting creators to continue their journey on your configured site will appear at this point. See this section in the app details page guide for more details.

Example redirect flow

5
Ongoing refresh token flow
With installation now complete, both Kit and your service will continue to refresh access tokens as required, using the refresh token shared in the same response as the access token to request an updated access token when the current one has expired.
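Steps 3 and 4 ask your app to store the redirect value from the authorization request and later send the creator to it; because that value arrives in a query string, it is worth checking before it is followed. The sketch below is an added example, not Kit's code: it assumes the redirect always targets app.kit.com over HTTPS (the page says it currently returns users to the app's details page), and the `session` store, function names and sample URLs are hypothetical.

```javascript
// Added example, not Kit's code. Assumption: the `redirect` value always
// points at app.kit.com over HTTPS.
const TRUSTED_REDIRECT_HOSTS = new Set(["app.kit.com"]);

// Returns the normalized URL string if the redirect is safe to follow, else null.
function checkKitRedirect(raw) {
  if (typeof raw !== "string" || raw.length === 0) return null;
  let url;
  try {
    url = new URL(raw); // rejects relative and malformed values
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;
  if (url.username || url.password) return null; // no userinfo in the URL
  if (!TRUSTED_REDIRECT_HOSTS.has(url.hostname)) return null; // exact host match
  return url.href;
}

// Step 3: called when Kit makes the GET request to your authorization URL.
// `session` is a hypothetical per-user, server-side store (a plain object here).
function beginApiAuthorization(session, requestUrl) {
  const redirect = new URL(requestUrl).searchParams.get("redirect");
  const safe = checkKitRedirect(redirect);
  if (safe === null) throw new Error("unexpected redirect parameter");
  session.kitRedirect = safe;
}

// Step 4: called once tokens are stored; returns where to send the creator.
function finishInstallation(session) {
  const target = session.kitRedirect;
  delete session.kitRedirect; // single use: a replayed completion finds nothing
  if (!target) throw new Error("no stored redirect for this session");
  return target;
}
```

Keeping the value in server-side session state, rather than round-tripping it through the browser, means the check runs once on the value Kit supplied.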
Externally initiating installations
You can now direct users to install your app directly from your own website or marketing materials, without requiring them to first visit the Kit App Store. This installation flow ensures both plugin and API authentication are completed properly, just like installations initiated from the Kit App Store. After successful installation, users will be redirected back to the Kit App Store where we can track the completed installation. To do this, point users directly to the installation URL using this format:
https://app.kit.com/apps/:app_id/install
replacing :app_id with your specific app ID.
For proper attribution of new signups from your app, append the k_app_id=k_:app_id query parameter to all instances of the install URL:
https://app.kit.com/apps/:app_id/install?k_app_id=k_:app_id
This helps us track installations that originate from your app and attribute any new Kit signups accordingly.
return_to query param. The domain must be one of the domains that you allowlisted in your app settings.
https://app.kit.com/apps/:app_id/install?return_to=https://yoursite.com/example/path
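A small helper for generating these links from your own site, written as an added example (not Kit's code). It assumes app IDs are numeric as in the page's examples, that k_app_id and return_to can be combined in one query string, and that `ALLOWED_RETURN_DOMAINS` is a hypothetical local copy of the domains allowlisted in your app settings.

```javascript
// Added example, not Kit's code. Hypothetical local mirror of the domains
// allowlisted in the app settings; keep it in sync with what is configured there.
const ALLOWED_RETURN_DOMAINS = ["yoursite.com"];

function buildInstallUrl(appId, returnTo) {
  // Assumption: app IDs are numeric, as in the page's examples (717, 924).
  // Rejecting anything else keeps user input out of the URL path.
  if (!/^[0-9]+$/.test(String(appId))) {
    throw new Error("app ID must be numeric");
  }
  const url = new URL(`https://app.kit.com/apps/${appId}/install`);
  url.searchParams.set("k_app_id", `k_${appId}`); // attribution parameter

  if (returnTo !== undefined) {
    const target = new URL(returnTo); // throws on malformed or relative input
    // Exact host match is the conservative reading of "one of the domains";
    // whether subdomains are accepted is not stated on the page.
    const allowed = ALLOWED_RETURN_DOMAINS.includes(target.hostname);
    if (target.protocol !== "https:" || !allowed) {
      throw new Error("return_to domain is not allowlisted");
    }
    // searchParams.set percent-encodes the nested URL so its own query
    // string cannot leak into the install URL's parameters.
    url.searchParams.set("return_to", target.href);
  }
  return url.href;
}
```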
Finding your app ID
You can locate your app ID in two ways:
From the Build tab
- Go to the Build tab in the Kit App Store
- Click the ‘Edit’ button on your app
- Extract the ID from the URL (e.g. https://app.kit.com/apps/924/edit means your app ID is 924)
From your app details page
- The app ID appears at the end of your app’s details page URL (e.g. https://app.kit.com/apps/924)