Using OAuth 2.0
Memberful supports the OAuth 2.0 protocol for authentication. You may use this to sign members into your external application.
The OAuth 2.0 authorization flow
If you're using one of the pre-written OAuth 2.0 libraries then the information in this section should be all you need to get started. If however, you want to know more about the underlying process, read the Implementing the authorization code flow section below.
When your application wants to force a member to sign in, redirect them to Memberful's authorization endpoint, which will ensure the member is signed in, before sending them back to your application's redirect_url (see below) with an authorization code.
This authorization code has a lifetime of 1 minute, during which your application can send it to Memberful in exchange for an access_token. The access_token will last for 15 minutes, and allows your application to communicate with Memberful on the member's behalf.
This process requires that your application and Memberful know the following information:
client_idThis is a unique identifier for your site, and should be included in the URL when you send a user to Memberful for authentication.client_secretThis value is a secret known only to your application and Memberful. It should never be stored in a place a user might be able to access it (e.g. in URLS, sessions, or a cookie)redirect_urlThis is where Memberful sends users after they sign in. The authorization code will be provided in a query string parameter namedcode.
You can create these values by setting up a new "Custom Application" in your admin panel (Settings → Integrate → Custom Applications).
During authentication send these requests to the following URLS:
Authorization endpoint (ensures the member is signed in, and sends them back to your application):
https://yoursite.memberful.com/oauth?client_id=XXXXTokens endpoint:
https://yoursite.memberful.com/oauth/token
Implementing the authorization code flow
First, redirect the user to the following URL:
https://{subdomain}.memberful.com/oauth?client_id={application identifier}&response_type=code
This will prompt the user to sign in, and then send them back to the redirect URL you specified when setting up the custom application.
The redirect url will include an extra parameter, code. This code's sole purpose is to be exchanged for an access token (which you can use to fetch a member's account details), and cannot be used for any other purpose. To exchange the code for the token, POST the following parameters to the token endpoint URL:
client_id- The identifier of the application, from the Admin panel.client_secret- The application's shared secret, also from the Admin panel.grant_type- This must always be the stringauthorization_code.code- This is the value that was passed to your site via the OAuth redirect mentioned above.
We'll then give you a payload along the lines of the following:
{ "access_token": "...", "token_type": "bearer", "expires_in": 3600, "refresh_token": "..." }
You can then use the access_token as described in other parts of the documentation.
One notable difference between the OAuth specification and Memberful's implementation is that only applications created by the account owner can interact with a site, thus asking the member for permission to connect to an application is redundant.
General
How to
- Import your members
- Edit email templates
- Create Plan Groups
- Enable Apple Pay
- Add conversion tracking
- Integrate with Zapier
CMS Integrations
Email Newsletters
Discussion Forums
WordPress
- WordPress quick start
- Recommended hosting
- Enable SSL (recommended)
- Add a link to buy a plan
- Protect WordPress content
- Memberful Profile Widget
- Private RSS Feeds
- WordPress shortcodes
- WordPress functions