The Thinkific APIs allow developers to extend Thinkific's functionality in a variety of different ways by accessing site data.
Authorization
The API has been designed for multiple use cases, which call for different authorization methods.
Apps and API Key integration
Developers have three options when building against Thinkific's APIs:
- Public apps use OAuth for authentication and are listed on the Thinkific App Store
- Private apps use OAuth for authentication, but are not listed on the Thinkific App Store
- API Key integrations use Thinkific's built-in API Keys for authentication
For a full description of the differences between apps and integrations see What is the difference between a public app, a private app, and an API Key integration?
Expected API usage and functionality
In addition to account creation, public apps must make use of our APIs, Webhooks and/or Theme Extension capabilities in a way that meaningfully improves the experience of using Thinkific for a subset of course creators or students. Simply using the OAuth App architecture and/or SSO capabilities does not meet these criteria. This ensures there is value to the customer in connecting your app with Thinkific.
Reporting requirements for apps that take payments off Thinkific’s platform
You must use the External Orders API to report whenever a transaction happens:
- One-time purchases: Use POST /external_orders to create the one-time order record, which can receive the whole order and transaction information. In the case of a refund, use the POST …/refund endpoint to report it.
- Subscription purchases: Use POST /external_orders to create the subscription, then use POST /external_orders/.../purchase whenever you process a transaction related to the subscription. You should also use the refund endpoint to keep our records consistent with the external platform.
Learn how to use the Authorization Code flow
Cross Origin Requests
Cross origin requests are supported, but making calls to the API from client-side JavaScript is insecure because API keys can easily be discovered. We recommend using your server as a proxy to make calls to the Thinkific API to ensure that you do not expose your API key.
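The following added example (not Thinkific's own code) shows the request-building step of such a server-side proxy: it allowlists routes, drops browser-supplied credentials and cookies, and attaches the API key from server configuration. The base URL, header names, allowlisted route and `config` fields are assumptions to confirm against the API reference.

```javascript
// Added example: decide what a server-side proxy may relay upstream.
// ASSUMED, not from the page: base URL, header names, allowlisted route.
const UPSTREAM_BASE = "https://api.thinkific.com/api/public/v1";
const KEY_HEADER = "X-Auth-API-Key";
const SUBDOMAIN_HEADER = "X-Auth-Subdomain";

// Only these method/path pairs are relayed; everything else is refused.
const ALLOWED_ROUTES = [{ method: "GET", pattern: /^\/courses(\/\d+)?$/ }];
// Browser headers that may pass through. Cookies and auth headers never do.
const FORWARDABLE = new Set(["accept", "content-type"]);

function buildUpstreamRequest(method, rawPath, clientHeaders, config) {
  const deny = (status, reason) => ({ ok: false, status, reason });

  // Lower-case header names once so lookups are case-insensitive.
  const incoming = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    incoming[name.toLowerCase()] = value;
  }
  const origin = incoming["origin"];
  if (origin !== undefined && !config.allowedOrigins.includes(origin)) {
    return deny(403, "origin not allowed");
  }

  // Normalise the path (resolves ../ and %2e%2e) before matching the allowlist.
  let parsed;
  try {
    parsed = new URL(rawPath, "http://proxy.local");
  } catch {
    return deny(400, "unparseable path");
  }
  // "//other.host/x" would otherwise re-target the request.
  if (parsed.host !== "proxy.local") return deny(400, "absolute URL in path");

  const allowed = ALLOWED_ROUTES.some(
    (r) => r.method === method && r.pattern.test(parsed.pathname)
  );
  if (!allowed) return deny(403, "route not allowed");

  const headers = {};
  for (const [name, value] of Object.entries(incoming)) {
    if (FORWARDABLE.has(name)) headers[name] = value;
  }
  // The key is read from server-side config and attached only here.
  headers[KEY_HEADER] = config.apiKey;
  headers[SUBDOMAIN_HEADER] = config.subdomain;

  return { ok: true, method, url: UPSTREAM_BASE + parsed.pathname + parsed.search, headers, corsOrigin: origin };
}
```

The proxy endpoint still needs its own user authentication; without it, the proxy lends the key's access to anyone who can reach it.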
To better understand how you can use the API for app development, check out our free course in the Thinkific Academy.