Adapting external login for API

Hi @wildlifeweb,

Yes this is possible with WordPress, but is obviously a very customised flow for your use case. The hooks in this plugin give a really good template of where you would want to write such logic. However, you will no doubt have to learn the development skills or hire a developer to carry out the work for you.

There are a lot of things you need to consider and answer:
– Do you need logged in users to access a members area? If so, I believe WordPress requires passwords, will you just create a fake one each time?
– Without any password validation anyone could use a member e-mail in the platform to gain access which seems problematic. They could access as any other user.
– Does their API support validating an e-mail address?
– Do you want some sort of gated screen where a user has to login with just an e-mail address?

These are just some initial considerations but based on these there would be a lot of other questions. I don’t have capacity to help you with this project but it sounds like you’re going to need a developer to support the development which would be my advice for next steps. If you have a budding developer and want to ask specific questions I’ll try my best to give occasional advice here when I can.

Good luck with the project ??

Tom, many thanks for your kind reply.
I didn’t mean to imply there were no passwords- what we would like to do is to have users log in to the website with their WordPress username and password, but for their email address to be used as the look-up in the external database, membership status got (member or not) and then the WordPress user-account role set to member or non-member.
It’s way above our heads unfortunately, so yes, will need to find a developer.
Best wishes
Paul

Ok – and were you looking to have users signup to WordPress separately or were you planning to connect this plugin to your database of users so they can login with the same credentials?

No, users can’t login to the external database, it is only Admins can do that. We just want for people to log in to the WordPress website- either as members if their email address is present on the external database, or as non-member users if they are not present on the external database. So users don’t interact with the external database at all, it is just the validation API that does that.
This is the idea anyway; I don’t know if it is possible!

How does a user get created in WordPress? Are you expecting your WordPress site to have a sign up form and that they need to create a user with the same e-mail as is in your CRM?

Yes, at the moment, there is a “Join Us” signup form on the website, which is embedded from the external database. When users sign up (and pay the membership fee) they go onto the external database. To use the website, they need to then create a WordPress account using the same email address, and a new password. There is a “Register for the website” form, separate from the “Join Us” form. Thereafter, when they sign in to the website, theoretically their membership status is set when the API looks up the database for their email address. We chose email address as the lookup because this is unique for each person.

Ok. Not saying it’s a deal breaker but things to consider are:
– users accidentally using the wrong e-mail
– users signing up with someone else’s e-mail? Maybe not an issue if you require e-mail validation on signup in WordPress? Also not an issue if low risk in a worst case scenario and relatively unlikely.

It sounds like this plugin however won’t be much use. I think it sounds like it is just a function that calls the api on each login (WordPress has a hook for this) and sets the user account if a successful response comes back. Should be a straight forward task for a developer however if someone your end makes headway and needs some general direction I’ll try and continue to respond here.

Good luck with the project.

Kind regards,

Tom ??

Thanks Tom, your replies are very much appreciated!
If users use the wrong email, they won’t be able to log in to WordPress as it won’t match the password. If they initially (accidentally) sign up with the wrong email I guess it would need Admin intervention.
The external database’s API can return data on any of the fields in the membership record so I guess we could get around the problem of people purposely signing up with someone else’s email by also checking postcode or something like that, on initial signup.
I’m very pleased that you say it sounds like it should be a straight forward task for a developer ??
I’m trying to learn as much as I can just now so I may try and do it myself.
Thanks again for your help.
Paul