How to build a public Manychat integration: Building the Auth Flow

Aug 11, 2024 • 6 minute read

Hey there, fellow JavaScript aficionado! Ready to dive into the world of Manychat integrations? Today, we're going to tackle one of the most crucial aspects of building a public integration: the authorization flow. Buckle up, because we're about to make your Manychat integration dreams come true!

Prerequisites

Before we jump in, make sure you've got:

A Manychat Developer account (if you don't have one, go grab it!)
Your favorite JavaScript environment set up
A burning desire to create awesome integrations

Understanding Manychat's OAuth 2.0 Flow

Manychat uses OAuth 2.0 for authorization. If you're familiar with OAuth, you're already halfway there! If not, don't sweat it – think of it as a secure way for users to grant your app access to their Manychat data without sharing their passwords.

Manychat's OAuth flow involves a few key endpoints:

Authorization endpoint: https://manychat.com/oauth/authorize
Token endpoint: https://manychat.com/oauth/token

Setting Up Your Application

First things first, let's get your app registered with Manychat:

Head to the Manychat Developer Portal
Create a new app (give it a cool name!)
Grab your client ID and client secret – guard these with your life!

Implementing the Authorization Request

Time to craft that authorization URL:

const authUrl = `https://manychat.com/oauth/authorize?client_id=${clientId}&redirect_uri=${redirectUri}&response_type=code&scope=${scope}`;

Redirect your users to this URL, and Manychat will ask them to grant permissions to your app. Easy peasy!

Handling the Authorization Callback

Set up an endpoint to handle the redirect from Manychat. You'll receive an authorization code, which is your golden ticket to the access token:

app.get('/callback', (req, res) => {
  const authCode = req.query.code;
  // Time to exchange this for an access token!
});

Exchanging the Authorization Code for Access Token

Now for the fun part – let's get that access token:

const response = await fetch('https://manychat.com/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    grant_type: 'authorization_code',
    code: authCode,
    redirect_uri: redirectUri
  })
});

const { access_token, refresh_token } = await response.json();

Boom! You've got your access token. Store it securely – you'll need it for API requests.

Implementing Token Refresh

Access tokens don't last forever, so let's make sure we can refresh them:

const refreshToken = async (refresh_token) => {
  const response = await fetch('https://manychat.com/oauth/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      client_id: clientId,
      client_secret: clientSecret,
      grant_type: 'refresh_token',
      refresh_token: refresh_token
    })
  });

  return response.json();
};

Securing Your Integration

Security is key, folks! Here are some quick tips:

Never store tokens in local storage or cookies
Use environment variables for your client secret
Implement PKCE for added security (especially for mobile or single-page apps)

Testing the Auth Flow

Time to put it all together:

Start your app and navigate to the authorization URL
Grant permissions on the Manychat page
Handle the callback and exchange the code for tokens
Make a test API call with your shiny new access token

If you hit any snags, double-check your client ID, secret, and redirect URI. You've got this!

Conclusion

And there you have it – you've just built a rock-solid auth flow for your Manychat integration! With this foundation, you're ready to start making API calls and building out the rest of your integration. The world is your oyster!

Additional Resources

Want to dive deeper? Check out:

Now go forth and create some Manychat magic! Happy coding! 🚀