RECENT UPDATES:
06-Jan-2026 | v7.7.6 | Add `Type` field to API Application Settings and added the `Scopes` section.

Change Log

  • 06-Jan-2026 | v7.7.6 | Add `Type` field to API Application Settings and added the `Scopes` section.
  • 11-Jun-2025 | v7.3.5 | All new article

Contributors:

Adam Wilson - Logo Pogo

API Applications

Allow external applications to securely connect to your WebinOne site instance via interactions with the Open API (both Frontend and Admin endpoints) and/or configure Webhooks for outbound notifications.

Found under 'Settings' > 'API Applications', you can manage all your API keys and Webhook endpoints for any number of applications you may need to connect. Including the ability to disable, remove or refresh keys as needed.

Create/Edit API Applications

To create API Application credentials, click the 'CREATE NEW' button at the top of the page and configure the settings as per below.

Settings

Option
Description
Name
A descriptive name to help you identify with the API Application these credentials will be used for.
Currency/Country
Based on the domain currency/country options configured for your site instance, a single API Application connects via this currency/country profile, which is applicable to some admin settings (such as setting item prices). If your application needs to access multiple currency/country settings, additional API Application connections would need to be created and configured for each currency/country required.
Type

Defines the application’s usage context.

Server-to-Server (default option)
Requires no additional fields.

iOS
Displays Bundle ID and Team ID fields for app identification.
iOS applications are verified through their associated keys, ensuring secure and authentic integration between the mobile app and Open API.

Enable
API Applications are enabled by default. Deselect this checkbox to temporarily stop your API Application from accepting connections, without having to delete it altogether.

Once your API Application has been created the API Keys (Client ID and Client Secret) will be generated and become available for copying.

You will also be able to refresh the Client Secret at any time to renew the key. You'll then need to update the key in any application that are still required to access this API configuration.

Webhooks

In conjunction with an API Application setup, you can configure webhook endpoints to enable automated notifications to external applications upon various WebinOne site events and triggers.

For more details on Webhooks, see the Getting Started With Webhooks article.

Scopes

Scopes allow you to set granular permissions across admin and frontend integrations by selecting only the entities you want available to the API Application.

This improves API access control, making it safer, clearer and easier to manage.

Scopes are grouped by API type (Admin v1, Admin v2 and Frontend v2) with searchable, collapsible lists and per-entity permissions (Read, Write, Delete).

API Applications attempting to access entities where permissions are not configured, an error message will be returned:
“The request is not authorized. Missing required scope: <scope>.”

Admin User Roles

Access to these API Applications via the admin can also be controlled via Admin User Roles, allowing you to manage which Admin Users can view or edit these settings.