I am working on a Node/Express product that will allow members of a certain monthly subscription tier to have an enhanced feature set. Can I just check with you guys that what I am doing seems normal?
I have auth’ed my users through Patreon and got back their access token. Then I have run https://patreon.com/api/oauth2/v2/identity?include=memberships.currently_entitled_tiers with their access token in the GET header. All good. Getting back decent data.
I am guessing that I then need to check the objects within the returned ‘Included’ object and check that one of them has the matching ID for the campaign and then check within that object’s “relationships” > “currently_entitled_tiers” > “data” for a matching ID for the correct tier?
- Is the above pattern what I should be doing to check the currently logged in user has the correct tier level, is this ‘safe’ to do it this way?
- How do I get the IDs for the Campaign and Tier? Is there a way in the Patreon GUI or do I need to run a script once through the API to find out what they are?
- Do Tier IDs or Campaign IDs change at all, or am I safe hard-coding it?
- How can I also test if the currently logged in user is the owner of the campaign?
This is the flow I’ve implemented as well. You also need to set up webhooks so that if a patron changes their tier on Patreon, you reflect that on your site as well.
If you authorize the “campaigns” scope, you can get a list of campaigns owned by the current user. I manually inspected the JSON response to a GET request on the “campaigns” endpoint to get all the IDs for my tiers. There might be a way to get it from source code, but I didn’t find it displayed on the GUI anywhere. My assumption is that IDs are fixed and won’t change.
For working and tested examples, you can always check WP plugin and PHP lib.
WP plugin has some pretty fleshed out logic in oauth, api classes and how to process patron data.
Whereas PHP lib is much faster to understand and it has clean examples which you can start building your logic on.
WP plugin matches patrons to content over $ amounts.
Using $ amounts, the locked content at your app still functions when tiers are changed or deleted. You don’t end up comparing the user’s patronage to a nonexistent tier.
To do exact tier match, you can do value matching (locked content's value vs patron’s patronage $ value), but also optionally check for exact tier id.
In this current context, you can first check match for exact tier id, and if that tier info is stale or missing, you can match over $ value. Or mix them as needed.
That would make your app more resilient to changes.
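The check discussed in this thread (find your campaign's membership in `included`, match the tier ID, fall back to the $ amount), as an added example that is not code from any poster or from Patreon's libraries. It assumes the identity request also returns the membership's campaign relationship and the `currently_entitled_amount_cents` member attribute; `CAMPAIGN_ID`, `TIER_ID`, `MIN_CENTS`, `isEntitled` and `sampleIdentity` are hypothetical names with constructed values.

```javascript
// Constructed placeholder IDs and threshold; substitute your own campaign's values.
const CAMPAIGN_ID = '1111111';
const TIER_ID = '2222222';
const MIN_CENTS = 500; // $ fallback used when the tier ID no longer matches

// True only when the response shows entitlement inside OUR campaign.
// Anything missing or malformed yields false (fail closed).
function isEntitled(identity) {
  const included = Array.isArray(identity?.included) ? identity.included : [];
  // Scope to our campaign first: the user may also be a member of other
  // creators' campaigns, and a pledge there must not count here.
  const member = included.find(o =>
    o?.type === 'member' && o.relationships?.campaign?.data?.id === CAMPAIGN_ID);
  if (!member) return false;

  // 1) Exact tier match.
  const tiers = member.relationships?.currently_entitled_tiers?.data;
  if (Array.isArray(tiers) && tiers.some(t => t?.type === 'tier' && t.id === TIER_ID)) {
    return true;
  }
  // 2) Fallback on the entitled amount, still for this membership only.
  const cents = member.attributes?.currently_entitled_amount_cents;
  return Number.isInteger(cents) && cents >= MIN_CENTS;
}

// Builds a constructed identity response with one membership (sample data).
function sampleIdentity(campaignId, tierIds, cents) {
  return {
    data: { type: 'user', id: '42' },
    included: [{
      type: 'member',
      id: 'constructed-member-id',
      attributes: { currently_entitled_amount_cents: cents },
      relationships: {
        campaign: { data: { type: 'campaign', id: campaignId } },
        currently_entitled_tiers: { data: tierIds.map(id => ({ type: 'tier', id })) },
      },
    }],
  };
}

console.log(isEntitled(sampleIdentity(CAMPAIGN_ID, [TIER_ID], 500)));
console.log(isEntitled(sampleIdentity('9999999', [TIER_ID], 5000)));
```

Run this on the server against the response fetched with the user's token, and re-run it when a webhook reports a membership change rather than caching the result indefinitely.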
Thanks for the suggestions. I will look into adding $ amount to my checks.
I am currently just checking to see if the correct tier id is present within the included array brought back from the currently_entitled_tiers scope. Is that not enough in your experience?
That would be definitely enough. An exact tier match.
If you add a $ check fallback after that you would also cover your app for future changes in your tiers. (i.e., deletion, price change)
I’ve observed that there’s only ever one tier in currently_entitled_tiers. On my site I have each tier ID mapped to a set of features that should be available at that tier.
That’s a way to do it yeah…
I had to sign up for an account to say thanks for posting this question! I was struggling to build something similar - a way to query the active tier for the authorized user for the campaign I know about. I only wanted to use the ‘identity’ scope so as not to request too much access. It was working fine to just give me their membership to my campaign but I could not figure out how to get the tier from there - I kept getting access denied. I never would have thought to include memberships.currently_entitled_tiers but that works perfectly. How in the world did you figure out you could do that? I didn’t see any mention of it in the docs.
If you look at the Identity endpoint here https://docs.patreon.com/#get-api-oauth2-v2-identity
The most useful line is the request example in the code box on the right (commented out red text)
You will also see you can click on ‘memberships’ as a top level includes, which links you here: https://docs.patreon.com/#member that gives you all the fields you can request
But, trust me, it was like 2 hours of hacking around to work it out.