ManyChat Help Portal
Submit a ticket

Dev Program - Obtaining API Access through Apps

TABLE OF CONTENTS

Some apps require access to the ManyChat Public API.

Usually, the API key proves that the API call is legitimate but for app developers and app users, we decided to make the process of exposing API access more transparent.

ManyChat generates a unique App Key for each app installation — it proves that your app has obtained the permission to call selected APIs for this bot.

Here are three steps on how to get an App Key with a preconfigured scope.

  • While creating an app, you can specify endpoints you need access to:

  • Your app users will be notified during the installation process as shown below:

  • As soon as app is installed, ManyChat generates App Key

How to receive an App Key

  • Configure endpoint at your side to receive a request after your app is installed. Then add a request object into App JSON, auth section:
"request": {
    "url": "your endpoint is here",
    "method": "POST",
    "headers": [
      "Content-Type: application/json",
      "x-token-header: {{app_token}}" // app key can be received in the headers
    ],
    "mapping": [],
    "payload": {
      "app_token": "{{app_token}}" // app key can be received in the payload
    }
  }

Also you can use system variables like {{app_id}}, {{app_version}}, {{page_id}} and custom ones that app users specify in auth.params section.

When 200 OK status code is received, ManyChat indicates this in App Setup block 

Otherwise, we indicate an error and prompt users to retry:

  • Capture app key manually. If there’s no request object in the auth section, we generate app key and let users copy it and paste into UI at your side:

If you’re going to list your app in our App Store we strongly recommend implementing server-side App Key obtaining. 

How ManyChat handles unauthorised requests

If your app is uninstalled, with every call you will receive response code 500

{"status": "exception","message": "Something went wrong"}


If your request is outside permitted scope, you will receive response code 401

{"status": "error","message": "Wrong access token"}


How to add scopes

For already existing public apps, navigate to the app, API Access tab. Then add scopes, save your app, and republish it. After passing the review, the scopes will be added to your app, and the app key will be generated automatically for all installations.

For dev apps, all changes apply immediately (including generating App Key).


Transition period

We strongly recommend you to use an App Key for all your apps. Obtaining an API key through auth block is not transparent and may impair the user experience.

Configuring API access through App Key will be mandatory starting February 1, 2021.

If you want to discuss your transition plan with ManyChat team, please message us at devprogram@manychat.com