If you are creating applications that work with Keap CRM — formerly known as Infusionsoft — you might be unsure where to start. After all, many of the guides available online for working with Infusionsoft’s API are outdated. Additionally, although the official documentation is an option, it’s a little too vague, especially if you are new to the whole web API business.
I recently worked on a project where I had to integrate a set of fields in a web form with Keap’s CRM system — that is, users will fill up a web form, and the information will automatically be sent to Keap’s CRM database for storage. After a lot of trial and error, as well as source code reading, I’ve managed to get my form working.
I’ve put together this guide in the hopes that you can have a smoother journey of integrating Keap’s / Infusionsoft’s CRM into your web services.
In Keap’s / Infusionsoft’s defense, their documentation is much better in their GitHub repository, as they have more concrete instructions and examples. Once the API is set up on your web application, the information in the repository is actually very helpful.
1. Creating a Keap developer account
To use Keap’s API, you now need to create a developer account (yes, you didn’t have to in the past). This is not the same thing as your regular Keap account, which you use to log in and access your CRM data.
The developer account is used to register your web application with Keap, so that a set of API keys can be generated. These API keys are used by your web application to authenticate itself to Keap.
2. Setting up the API credentials
After creating your Keap developer account and logging into it, go to your Apps Dashboard by clicking here, or by clicking on Apps under your account dropdown at the top right corner of the page.
This will bring you to a page that lists all the applications you are currently managing. If you’ve just created your Keap developer account, the list should be empty.
Create a new app (refer to the image below), and follow the instructions below to generate the API keys you need.
You will be brought to a page asking you for an App Name, as well a Description of the app. Fill in these details accordingly, and make sure to enable Keap 150k under the APIs section (see below image).
Now that your app is created, open it up and take note of both the public API and secret keys.
These credentials will be used for the API calls from your web application. Keap uses the OAuth2 protocol to grant access permissions to external applications. In summary, this is how OAuth2 works:
- The user, through the application, makes an Authorisation Request to Keap’s servers. This pulls up a prompt from his Keap / Infusionsoft account asking if he would grant the application access.
- After the user grants it access, the code generated is sent back to the application.
- The application uses this code to ask Keap’s servers to represent this authorization as an Access Token
- This Access Token will then be used by the Application to make API calls to retrieve or send information from the user’s account on his behalf. The server will return responses based on the requests made. This will continue to work until the Access Token expires.
For our application to successfully communicate with Keap’s servers and update the CRM database, it has to be able to process these authentication steps.
3. Setting up the Infusionsoft SDK
If you downloaded Infusionsoft’s PHP SDK from the GitHub repository and included it in your project, you will find that it does not work. This is because Infusionsoft’s PHP SDK relies on other PHP libraries — such as Guzzle — for it to function. Hence, to get things running, you will need to download all these other libraries and include it in your project.
Since it can be a hassle to find all of these library dependencies, we are going to use Composer, a PHP package manager, to do the work for us.
Don’t know what Composer does? Refer to this article, which also comes with an installation guide to help you get Composer up and running.
With Composer set up, open Command Prompt or Windows Powershell (Shift + Right-click > Open Powershell / command window here) in your project directory and run the following command:
composer require infusionsoft/php-sdk
For Mac users, you’ll want to do the same thing, but you’ll be opening Terminal in your project folder instead and running the same command.
Don’t want to use Composer?
Having trouble getting Composer working? You can also download the Infusionsoft SDK with all its dependencies packaged together here. Technically, the site still uses Composer to compile this package, but this saves you the trouble of installing Composer on your computer.
Using the SDK in your code
Wherever you need to use the Infusionsoft SDK, just add this line of code to include the SDK and its dependencies:
require_once 'vendor/autoload.php';
Of course, the exact path to autoload.php
varies depending on where your vendor folder is located, and where you are running your PHP script from. Change your file path accordingly.
4. Generating an access token
Now that we have the Infusionsoft SDK set up, we need to use it to retrieve an access token for the CRM database. With the access token, we will be able to make API calls to retrieve or update data from the CRM database.
Creating the Infusionsoft API object
To this end, we’ll create a PHP file called authentication.php
. This page will prompt the user to log in with their Keap account and grant permissions.
authentication.php
<?php
require_once 'vendor/autoload.php'; // Include the Infusionsoft PHP SDK.
$infusionsoft = new \Infusionsoft\Infusionsoft(array(
'clientId' => 'Your API key goes here',
'clientSecret' => 'Your API secret goes here',
'redirectUri' => 'http://yourwebsite.com/authentication.php',
));
Remember the API key and secret from the application you made on your developer account? You’ll need to fill in both the keys that you were supplied with into authentication.php
.
You’ll also need to specify a redirectURI
, which is the address that Infusionsoft will redirect the user to once the access token is granted. In this example, we will redirect it back to our own authentication.php
, as we will be processing the token on this same page.
Generating a login link
To get users to grant us access to their Infusionsoft / Keap account, we’ll need to generate a link for them to click on. With the newly-created Infusionsoft object, we can call getAuthorizationUrl()
and drop it into a link.
As authentication.php
will be serving as our login page, add the highlighted line below to the file:
authentication.php
<?php
require_once 'vendor/autoload.php'; // Include the Infusionsoft PHP SDK.
$infusionsoft = new \Infusionsoft\Infusionsoft(array(
'clientId' => 'Your API key goes here',
'clientSecret' => 'Your API secret goes here',
'redirectUri' => 'http://yourwebsite.com/authentication.php',
));
echo '<a href="' . $infusionsoft->getAuthorizationUrl() . '">Log in with Infusionsoft</a>';
Clicking on this link will prompt the user to log in over at the Keap website (if they are not logged in on the browser they are on yet). After they log in (or if they are already logged in), the link will make an authorisation request — basically asking the logged in Keap account whether this app can access information linked to the account.
After the authorisation is done, the user will be redirected back to the redirectURI
with a query string appended at the end of it. The data inside this query string will be used to create our access token.
Isn’t the Keap / Infusionsoft CRM supposed to allow my web application to connect to my account? Why does there need to be a log in link on my web application for my users? If you’re wondering about this, fret not, the link is for you to link your account to the CRM and generate an access token for your app, not for your users. Hence, if you’re using code from the authentication.php
file we provide in this tutorial, it will be good to hide it behind some kind of admin login on your site. For more information, you can refer to this article here. The rest of the article is still relevant to you too, so continue reading!
Generating the access token
Right now, when you get redirected back to authentication.php
, nothing happens, because the PHP file does not contain instructions to handle the query string that Keap sends back. Using the query string, we can request for an access token from the Keap servers with the code highlighted below:
authentication.php
<?php require_once 'vendor/autoload.php'; // Include the Infusionsoft PHP SDK. $infusionsoft = new \Infusionsoft\Infusionsoft(array( 'clientId' => 'Your API key goes here', 'clientSecret' => 'Your API secret goes here', 'redirectUri' => 'http://yourwebsite.com/authentication.php', )); echo '<a href="' . $infusionsoft->getAuthorizationUrl() . '">Log in with Infusionsoft</a>'; // If we are being redirected back to this page from Infusionsoft, // request for an access token. if(isset($_GET['code'])){ // Converts the code into an access token. $token = $infusionsoft->requestAccessToken($_GET['code']); // Set the access token we generated for the Infusionsoft object. $infusionsoft->setToken($token); }
With the access token stored in $token
, we can now make API calls to send and receive data from the Keap / Infusionsoft CRM database. To ensure that we can reuse the token, however, we will need to store it in some kind of persistent storage. Otherwise, we’ll have to do the authorisation request every time we access the page.
5. Storing the access token
Depending on what your web application is used for, there are different options for storing the access token. We can either:
- Store it in the PHP session cache, or;
- Write it into a file.
The code for both of these choices are documented below.
a. Storing the token in a PHP session
When you would use this option: If you are expecting your users to link their Keap / Infusionsoft accounts to your application, i.e. your application integrates your client’s Infusionsoft with your website.
authentication.php
<?php require_once 'vendor/autoload.php'; // Include the Infusionsoft PHP SDK. $infusionsoft = new \Infusionsoft\Infusionsoft(array( 'clientId' => 'Your API key goes here', 'clientSecret' => 'Your API secret goes here', 'redirectUri' => 'http://yourwebsite.com/authentication.php', )); echo '<a href="' . $infusionsoft->getAuthorizationUrl() . '">Log in with Infusionsoft</a>'; // If we are being redirected back to this page from Infusionsoft, // request for an access token. if(isset($_GET['code'])){ // Converts the code into an access token. $token = $infusionsoft->requestAccessToken($_GET['code']); // Set the access token we generated for the infusionsoft object. $infusionsoft->setToken($token); // Store the token in our session. if(session_id() === false) session_start(); $_SESSION['token'] = serialize($infusionsoft->getToken()); }
b. Write the token into a file
When you would use this option: If the log in is for you to link your own Keap / Infusionsoft account, i.e. your users will be interacting with your web application, not Keap / Infusionsoft.
authentication.php
<?php require_once 'vendor/autoload.php'; // Include the Infusionsoft PHP SDK. $infusionsoft = new \Infusionsoft\Infusionsoft(array( 'clientId' => 'Your API key goes here', 'clientSecret' => 'Your API secret goes here', 'redirectUri' => 'http://yourwebsite.com/authentication.php', )); echo '<a href="' . $infusionsoft->getAuthorizationUrl() . '">Log in with Infusionsoft</a>'; // If we are being redirected back to this page from Infusionsoft, // request for an access token. if(isset($_GET['code'])){ // Converts the code into an access token. $token = $infusionsoft->requestAccessToken($_GET['code']); // Set the access token we generated for the infusionsoft object. $infusionsoft->setToken($token); // Store the token in a file. $file_handle = fopen('token.txt', 'w'); fwrite($file_handle, serialize($infusionsoft->getToken())); }
Keep in mind, however, that this saved token will only be valid for 24 hours. If you want to be able to use this in the long run, you will need to request for a new access token daily.
6. Refreshing the access token
To request for a new token, I created a separate PHP file and set a cron job to run it every 23 hours.
tokenrefresher.php
<?php // Retrieve the token from your saved file $token_file = file_get_contents('token.txt'); $token = unserialize($token_file); require_once 'vendor/autoload.php'; // Include the Infusionsoft PHP SDK $infusionsoft = new \Infusionsoft\Infusionsoft(array( 'clientId' => 'Your API key goes here', 'clientSecret' => 'Your API secret goes here', 'redirectUri' => 'http://yourwebsite.com/authentication.php', )); $infusionsoft->setToken($token); // Refresh the token $refreshed_token = $infusionsoft->refreshAccessToken(); // Save it to the token file $file_handle = fopen('token.txt', 'w'); fwrite($file_handle, serialize($refreshed_token));
7. Conclusion
With this, you are more or less set up to work with the Keap / Infusionsoft CRM on your web application. Their API used to offer XML-RPC requests too (we used REST in this tutorial), but those have been deprecated for the most part.
If this guide doesn’t have all the information you’re looking for, you might want to explore the links below to see if you can find what you need:
These guides are not very complete by themselves, so you’ll likely have to tinker with the source code to figure out some of their functions and methods.
As usual, leave any feedback you have in the comments below!
Hi Jonathan, nice tutorial.
I’m getting this error: Fatal error: Uncaught Error: Call to a member function getRefreshToken() on string from tokenrefresher.php
Do you have some idea about how to work around this?
Greetings from Chile!
Hi Agustin,
Greetings! The error seems to be saying that the object you are calling your function on seems to be a string. I.E. in our code we have an $infusionsoft variable that we call refreshAccessToken() on. It seems to be failing on your end because your $infusionsoft variable contains a string instead of the Infusionsoft object.
Outstanding article and definitely helpful. I would note there appears to be a missing close parenthesis in 5b-fwrite.
Another missing close paren on the tokenrefresher fwrite as well. Just trying to help!
Hey Joe, thanks so much for pointing these out. We have added in the parentheses.