I am trying to get data for my app using wild apricot.Im using hybrid app. Currently when I am trying to access
events.

https://api.wildapricot.org/v2/Accounts/209675/Events

This is my url.
Then I have to send authorization as header in the GET request.
But whenever I send authorization as header in GET request. It comes as a pre-flight and first OPTIONS request is sent.

But the server is not handling OPTIONS request. How do I get over this scenario.

Request URL:https://api.wildapricot.org/v2/Accounts/209675/Events
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Remote Address:96.43.192.222:443
Response Headers
view source
Cache-Control:no-cache
Connection:close
Content-Length:76
Content-Type:application/json; charset=utf-8
Date:Tue, 02 Aug 2016 07:51:30 GMT
Expires:-1
Pragma:no-cache
X-Backend-Server:M51
X-LB-Server:sslfront1
X-Powered-By:ASP.NET
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Access-Control-Request-Headers:authorization, content-type
Access-Control-Request-Method:GET
Connection:keep-alive
Host:api.wildapricot.org
Origin:http://evil.com/
Referer:http://localhost:8100/
User-Agent:Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1

Hi,
I am creating a client for wild apricot. So to facilitate event registration the form has to be created in mobile app. To do the same the custom event fields has to be shown in the mobile client. So when I try to access the event Registration or event eventdetails using API.

{
"FieldName": "Testing field",
"Value": [
{
"Id": 8815648,
"Label": "New Item 1"
}
]
}

Currently I am using https://api.wildapricot.org/v2/Accounts/209675/EventRegistrations?eventId=2297435

also tried with
https://api.wildapricot.org/v2/Accounts/209675/EventRegistrations/16216925

I get the Field and label for it. but there is a field tyepe and list of values assocaited with it. how to fetch them?

I'm attempting to configure our third party website using Apache and mod_auth_openidc to invoke the SSO authentication endpoints on our WildApricot website.

I've gotten as far as manually assembling a correct authentication request URL:

https://discoamigos.wildapricot.org/sys/login/OAuthLogin?response_type=authorization_code&scope=contacts_me&client_id=...&state=...&redirect_uri=...&nonce=...&claimed_account_id=...

That shows me a login dialog as expected... However, when trying to use mod-auth-openidc to generate the authorization URL, it doesn't allow the request_type of "authorization_code". It only lets me set the request type to "code", which seems to break the authentication page fetch on the WA end.

This would seem to be an issue with Oauth2 'standards'. It would seem request_type="authorization_code" isn't a part of Oauth2? Should I be looking at a different solution other than trying to use mod_auth_openidc to integrate with WildApricot SSO?

My end goal is to protect a few web paths on my 3rd party website using the SSO service on our WildApricot. Any suggestions?

We would like to offer our members the chance to renew their membership from our WordPress site. How do you recommend we use the API to accomplish this in a way that integrates well with the regular Wild Apricot renewal process?

Ideally we would update the contact (change the membership level, if needed, and update the renewal due date), produce an invoice for the renewal, and record a payment for that invoice. Have I missed something?

Since the API still does not allow the creation of new invoices directly (I can generate an invoice for an event, but not for anything else like this renewal), it seems we can't actually create an invoice for the renewal with the API. So should we just update the contact and make a payment without an invoice?

Also, it is not clear to me if we should update the renewal date last updated field or if that will be done for us when we change the renewal due date?

Thanks for any advice you have on using the API to renew members.

Dear Support Team,

Will it be possible to somehow integrate the Integrated Biometrics product below into the Wild Apricot:
http://www.integratedbiometrics.com/products/curve/

I want to use it to register contacts (members / clients / attendees) when arriving at an event (or meeting).
This will speed up registration a lot.

On the first contact (new client) with the person, the detailed information (name and other attributes) of the person will be captured together with a finger print (will be later used for repeated registration).

When performing registration the next time, as the contact information will be already available on the system, the contact will be marked as present at a specific meeting on a date and time after scanning the fingerprint.

Trust to hear from you soon.

Blessings,
Deon Bezuidenhout

Hi

Not sure if this is possible

I am designing a 3rd party website and I would like to offer our WA members the ability to login using the WA SSO and access a restricted section within the 3rd party. Although I can achieve this I would like WA to tell me who the member who logged in was (e.g. by telling me the memberID)

Is there a way to do this?

So far I do the following based http://help.wildapricot.com/display/DOC/Single+sign-on+service
1. I get the SSO working and WA returns state and code

2. I then send
$data["grant_type"]="authorization_code";
$data["authorization_code"]=$_GET['code'];
$data["client_id"]=$cID;
$data["redirect_uri"]="http://mywawebsite.org/login.php"; //same as sent in SSO request
$data["scope"]="contacts_me";
$data["state"]="123"; //same as sent at SSO

I then use curl and send the following headers:
$headers = array(
"Authorization: Basic {$cIDencrypted}",
'Content-Type: application/x-www-form-urlencoded',
'Content-Length: ' . strlen($d)
);

where $cIDencrypted is clientId:clientSecret base64 encoded

curl_setopt($ch, CURLOPT_URL, 'http://oauth.wildapricot.org/oauth/token'); //your helper website says http not https

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $d);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);

I don't get anything back.

So Problem 1 I don't get a token.

Can you help with this please?

Also once I have the token how do get the member's details ? Or is there another way?

BW
Marios

We are migrating our members to WA and I have a big issue. Our members are granted access to an external database as part of their membership to search legal information online. Members log into our portal and click on a link that has their own AccountID, First Name, Last Name and email address embedded. Is there a way to accomplish this in WA?

Here is an example of the code we use now on our existing ASP site to generate the individual links:

using System;
using System.Web.UI.WebControls;
public partial class membersonly_somedatabase : System.Web.UI.Page
{
protected string endurl;
protected void Page_Load(object sender, EventArgs e)
{
urlRedirect.Mode = LiteralMode.PassThrough;
endurl =
SomeDatabase.CreateURL(
Profile.UserName,
Profile.FirstName,
Profile.LastName,
Profile.Email,
"https://apps.somedatabase.com/PartnerBenefits/?"
);
urlRedirect.Text =
"<meta http-equiv=\"REFRESH\" content=\"2;" + endurl + "\" />";

}
}

What would be the best way to accomplish the same thing with our WildApricot portal?

Thank you!

I am able to obtain authorization_code from OAuthLogin, but cannot get access token from oauth.wildapricot.org with it.

The failure occurs due to CORS although I believe I am making the request from the same origin (SSOfail_CORS.png).

If I disable CORS, the failure behaves differently. A pop-up is shown asking for username+password (SSOfail_noCORS.png). This pop-up keeps repeating after entering valid credentials, and must eventually be canceled to continue.

Here is the code that makes access token request:

$.post(
"https://oauth.wildapricot.org/auth/token",
{
authorization_code: code,
client_id: "xxxxxxx",
client_secret: "xxxxxxxxxxxxxxxxxxxxxxx",
redirect_uri: "https://rbc.wildapricot.org/Schedule",
scope: "auto"
},
function(data, status){
alert("Data " + JSON.stringify(data) + "\nStatus: " + status);
}
);

Thanks for any help on this!

I'm trying to understand if Wild Apricot's SSO implementation will work out of the box with Discourse's oAuth SSO implementation, or if I need to develop a plugin for Discourse to authenticate with WA.

Discourse, a discussion platform, provides a built-in oAuth SSO client. There are screenshots of the configuration here - https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045

On Discourse, for the SSO URL, I have put in what I believe is the correct URL for the authorized application that I have made in our WA account:

https://abea.bike/sys/login/OAuthLogin?client_id=<WA CLIENT ID>&redirect_uri=http%3A%2F%2Fdiscourse.cyclingsavvy.bike%2F&scope=contacts_me&response_type=authorization_code&claimed_account_id=<WA ACCOUNT ID>

Where <WA CLIENT ID> is configured on the Wild Apricot admin site for oAuth applications, and where <WA ACCOUNT ID> is found in the billing/account dropdown.

Then, for SSO Secret, I put the Client secret that is found under Client ID in Wild Apricot.

When this is enabled, I am redirected to the correct login page on our WA site, but when I authenticate it goes to Discourse and my browser says there's a redirect loop. I assume this means that the correct information is not getting back to Discourse.

Hi,
using example PHP code and worked out that if we authenticate to the API as a user then we can retrieve the user's ID with the contacts/me call, but it returns limited data about the user. It does not return membership field values. Is there a way, when logged in as a user, to retrieve the users record including datafields?

Just for context, I'm writing a joomla auth plugin. I want to first authenticate the user (hence using the user credentials) and once authenticated I would like to get some of the data to sync into the Joomla account (such as street address, phone number).

If the field values can't be accessed via api when authenticated in the user context do I need to perform the authentication as the user (to confirm their login/password), then re-authenticate using the application's API key to retrieve the Contacts URL to access their data?

Thanks,
Russ.