I am working on a Node/Express product that will allow members of a certain monthly subscription tier to have an enhanced feature set. Can I just check with you guys what I am doing seems normal?
I have auth’ed my user’s through Patreon and got back their access token. Then I have run https://patreon.com/api/oauth2/v2/identity?include=memberships.currently_entitled_tiers with their access token in the GET header. All good. Getting back decent data.
I am guessing that I then need to check the objects within the returned ‘Included’ object and check that one of them has the matching ID for the campaign and then check within that objects “relationships” > “currently_entitled_tiers” > “data” for a matching ID for the correct tier?
- Is the above pattern what I should be doing to check the currently logged in user has the correct tier level, is this ‘safe’ to do it this way?
- How do I get the IDs for the Campaign and Tier? Is there a way in the Patreon GUI or do I need to run a script once through the API to find out what they are?
- Do Tier ID’s or Campaign ID’s change at all, or am I safe hard-coding it?
- How can I also test if the currently logged in user is the owner of the campaign?