API General Info

Frank LaRosa

Hi, I'm new to Ontraport and I'm trying to work with the API.

My goal is to have my end users log in, via a mobile app, and be able to request their Memberships list via the API.

I'm a little confused as to how this works. I set up an API key and I'm able to access, for example, a list of all Contacts. But I'm not building an application to manage my contacts, I'm building an application where my contacts will log in, so I need a way to send the API a username/password combination, have it validate the password, and send me back either the account information or some sort of token I can then use to request additional information about their account.

It is important, obviously, that my end users not be able to access each other's accounts, which seems possible with the API key I tried.

October 03, 2018 23:13 Answered

Official comment

I had a discussion with one of our developers. If the user is logging into the PilotPress protected WordPress site with your app, you can get the membership levels using session variables.

$_SESSION["user_levels"] contains the membership levels of the logged in user, and your app should be able to access the session variables. Look on about line 2272 for where we are setting the session variables.

We actually don't use sessions any longer but maintain the code for backward compatibility. We could deprecate them in the future but we'll provide an alternative at that time.

If you're looking to build your own authentication code using the regular ONTRAPORT API look around line 2120 for code we use. It starts with this:

$api_result = $this->api_call("authenticate_user", array("site" => site_url(), "username" => $username, "password" => $hash, "version" => self::VERSION, "algo" => $algo, "session_id" => $session_id));

You can probably reverse engineer the rest of it based on the functions named. It's not in our regular API documentation so this would be the harder route to take. If your contact is logging into the WordPress site normally using your app, then the session variables are going to be a lot easier to hook into.

Frank Hagan October 04, 2018 16:58

Please sign in to leave a comment.

5 comments

I looked through the source code for the "Pilot Press" Wordpress plugin, which does have a login function, and I found a reference to an "authenticate_user" API call that takes various parameters including a hashed version of the username and password.

I think this is what I need, but I can't find the documentation that goes with this API call anywhere.

I could probably reverse-engineer the plugin code if I had to, but that would take quite a long time.

Frank LaRosa October 03, 2018 23:47 0 votes

I need to check with one of our WordPress developers on this one, Frank! I'm not sure how you would hook into the PilotPress function to get the user's membership levels. The closest I come is seeing that on about line 397 in pilotpress.php we have this function that stores the membership_levels in an array:

/* this is a fancy getter, for user settings */
function get_user_settings() {
$return = array();
$user_info = $this->get_stashed("authenticate_user", true);

if (isset($user_info["authenticate_user"]['contact_id'])) {
$return["contact_id"] = $user_info["authenticate_user"]["contact_id"];
}

if(isset($user_info["authenticate_user"]["membership_level"])) {
$return["name"] = $user_info["authenticate_user"]["username"];
$return["username"] = $user_info["authenticate_user"]["username"];
$return["nickname"] = $user_info["authenticate_user"]["nickname"];
$return["levels"] = $user_info["authenticate_user"]["membership_level"];
}
return $return;
}

I don't know if you can hook into that get_user_settings("[levels"]) array or not.

Frank Hagan October 04, 2018 16:11 0 votes

Thanks for the response. As it happens, I just finished reverse-engineering the Pilot Press code a few minutes ago, and have a successful solution.

I don't usually like reverse-engineering things because I worry that what I'm doing may fail to work unexpectedly. Do you believe it is safe to use this solution?

In particular, I had to use the values of VERSION and AUTH_SALT that I found in the PilotPress code, and if those were to change in the future, I think my solution would probably fail.

Frank LaRosa October 04, 2018 17:02 0 votes

I don't usually like reverse-engineering things because I worry that what I'm doing may fail to work unexpectedly. Do you believe it is safe to use this solution?

AUTH_SALT won't change (well, if it does, everything will break!)

VERSION is the version of PilotPress and we send it to know how to format the data ONTRAPORT returns. We don't anticipate the data format changing in any upcoming update of version 2.x.x of PilotPress so you're probably safe.

You could subscribe to our RSS feed of changes to PilotPress at https://wordpress.org/plugins/pilotpress/#developers That would alert you to any changes.

Frank Hagan October 04, 2018 17:29 0 votes