Languages: PHP | Difficulty: Easy
Introduction
The Keap PHP SDK provides a simple way for you to get started with integrating usage of the Keap API into your application. Features include:
- Loading & installation of all files and dependencies via composer
- Built in helper functions to get started with OAuth 2.0 authentication
- Simple, normalized interface for accessing each function of the API
This tutorial will demonstrate how to install, setup, and use the Keap PHP SDK, including authenticating requests with OAuth 2.0
Next: Install the SDK
Install the SDK
We highly recommend using composer to manage installation of the Keap PHP SDK. To learn more about composer, check out the Composer getting started guide.
To install the SDK via the command line, simply run:
composer require infusionsoft/php-sdk
You can also manually add the dependency to your composer.json file:
{
"require": {
"infusionsoft/php-sdk": "dev-master"
}
}
You're all set! If you're not using a PHP framework that is already autoloading your Composer vendor directory, you'll also want to include the following at the start of your PHP file:
require_once 'vendor/autoload.php';
Next: Create an Infusionsoft API Object
Create an Infusionsoft API Object
For the next step you're going to need your Keap API client ID and client secret. Don't have them? You can create API credentials for free in just a few minutes here.
Let's create a new Keap API object:
$infusionsoft = new InfusionsoftInfusionsoft(array(
'clientId' => 'XXXXXXXXXXXXXXXXXXXXXXXX',
'clientSecret' => 'XXXXXXXXXX',
'redirectUri' => 'http://example.com/',
));
You're may be wondering what the redirectUri
argument is. When your application asks a user for permission to access their Keap data, Keap has to know where to redirect that user after they've allowed (or denied) permission to your application to make requests. If you're developing locally, feel free to use the local URL of your app (Keap will redirect to that without complaining).
Next: Check for an access token
Check for an access token
The next few steps are going to seem backwards, but will make sense at the end.
In order to make requests to the API, we use an access token to prove who we are and which Infusionsoft customer we're acting on behalf of. We'll go through the steps to retrieve an access token in a moment, but for now, a) we want to check if we have the access token, and b) if we do have an access token, save it in the PHP session so we can use it again later. We can accomplish this in just few lines of code:
if (isset($_SESSION['token'])) {
$infusionsoft->setToken(unserialize($_SESSION['token']));
}
In other words, if we've already saved the token in the PHP session, retrieve that data from the session, unserialize it, and reset it to the Keap object.
Next: Request an access code and exchange it for an access token
Request an access code and exchange it for an access token
if (isset($_GET['code']) and !$infusionsoft->getToken()) {
$infusionsoft->requestAccessToken($_GET['code']);
}
if ($infusionsoft->getToken()) {
$_SESSION['token'] = serialize($infusionsoft->getToken());
$infusionsoft->contacts->add(array('FirstName' => 'John', 'LastName' => 'Doe'));
} else {
echo '<a rel="nofollow" href="' . $infusionsoft->getAuthorizationUrl() . '">Click here to authorize</a>';
}
Let's start with line 5. If we already have an access token set on the Keap object, we can make a request to the API (in this case, add "John Doe" to our contacts list). If we don't have an access token, we need to provide the user a way to authenticate with Keap. This is accomplished by providing a link to the authorization URL, which you can retrieve with $infusionsoft->getAuthorizationUrl()
.
Once a user has clicked the link and given permission for your application to use the Keap API on their behalf, the user will be redirected back to your application (they'll be sent to the URL you specified as the redirectUri
parameter when you first instantiated the Infusionsoft class).
Now we're at the beginning of this code example - when the user is sent back to the redirectUri
location, there will be some additional data appended to the query string. The code
parameter is the value you'll use to request an access token, and you can do this by passing it to the $infusionsoft->requestAccessToken()
method. The SDK will automatically assign the access token to the $infusionsoft
object, and then it will be saved on line 6 before trying to add our new contact, John Doe.
That's it! You've now successfully connected to the Keap API using the PHP SDK, and can continue to make requests for the duration of the user's session.
I’m a little confused here… why is API access mediated by users needing to click any kind of authorization? Isn’t that the point of providing a secret key? I use the API to put Infusionsoft data in front of my customers who have no idea what Infusionsoft is and are not the Infusionsoft user. How does this work??
Hi Greg,
OAuth2 is now the standard way of giving API access. From the sounds of it, you are the Infusionsoft user. This means you have to authorize the access one-time. Your customers will never know about Infusionsoft with this.
We have another tutorial that explains better how to do this. I recommend you go check it out. https://developer.infusionsoft.com/tutorials/making-oauth-requests-without-user-authorization/
Thank you for the reply and the link – you’re 100% right. Unfortunately, the tutorial you linked to (should I have commented on that page instead?) doesn’t actually have a single line of example code.
We use the PHP iSDK right now but I’d like to migrate to the PHP SDK (should I?). Unfortunately, I’m having a problem finding any detailed tutorial information on how to setup the authentication and token refreshes. Can you point me in the direction of anything suitable?
Thanks a ton.
greg
Check out some of the other tutorials here: https://developer.infusionsoft.com/tutorials/
There are two that can help you with the PHP implementation, and the readme on the repo https://github.com/infusionsoft/infusionsoft-php also has a nice simple tutorial on retrieving and refreshing an access token.
But isnt that just plain stupid? Why is oAuth2 the ONLY way of authenticating? Just because Google is doing it? Well if you have anyone remotely technical in your team who understands authentication shcemes, then maybe you should bring them on here for a technical discuss.
I totally appreciate that Infusionsoft is a third rate software but still, when you charge customers money I think it is incumbent upon you to provide proper support and documentation. I do not think you will be surprised to know that your documentation is not a sincere effort at all and is mostly likely done by cheap outsourced labor that has no clue about your actual functionality. Quality of documentation apart, your API seems to be a real joke.
Jokes apart though, I am trying to access our own account using the API and I am bewildered out of my sleep to find that I need to create an app for that, get it approved etc. and still have no clue about where to find client id, secret etc.
I am tempted to throw out your system as a wasted investment and move on but in the interest of semi-decency I am putting my comment here. I would not be surprised if you do not understand the question here but if that is the case, please let me know
How do I stop email auto-responders after the removal of tags using PHP SDK?
this is some of the worst documentation I have ever seen, it is written for people who already know the product usage and has ZERO usable information for new users.
you have assumed everyone is using composer
the code examples, https://github.com/infusionsoft/API-Sample-Code/tree/master/PHP, have not been updated in 2 years
you have made a simple process overly complex THEN suggest using third party wrapper libraries that have less documentation than the crumbs you provide
Top left it says “Difficulty: Easy”. These sorts of authentications to get keys/tokens and refresh them etc. is a nightmare. Every app that has this sort of authentication takes ages just to get to be able to use it. I’ve spent over a day just trying to authenticate with the app before I can actually start building my app. I would change it to “Difficulty: Hard”. Your support on Github has been very good though and would not have been able to do it without that, as the documentation was not great. Refreshing the token is missing in the examples for example.
How to send shipping details like city ,state, country in time of order creation via API, such that it can show in order details section