To authorize the SaaS API in AccessAlly you create an OAuth app and request the oauth readonly scope. You will exchange credentials for tokens and store them securely for API calls such as installed locations and enabling SaaS per location.
In AccessAlly configure your app credentials and authorize with the SaaS API. The flow results in a token that lets you call endpoints like installedLocations and enableSaas per location.
– GET /oauth/installedLocations: Retrieve installed locations for the account. – oauth.write: Manage OAuth tokens and permissions for write access. – POST /oauth/locationToken: Exchange credentials for an access token. – saas/location.write: Create or update a SaaS location association. – PUT /update-saas-subscription/:locationId: Update a subscription for a location. – POST /enable-saas/:locationId: Enable SaaS features for a specific location.
Trigger: a new SaaS location is created in SaaS API or a new subscriber is added in AccessAlly
Actions: obtain a token via locationToken, then fetch installed locations and apply initial tags in AccessAlly
POST /oauth/locationToken
locationId, access_token, refresh_token
Trigger: subscription status changes in SaaS API
Actions: call PUT /update-saas-subscription/:locationId to reflect changes
PUT /update-saas-subscription/:locationId
locationId, subscriptionId, status, plan
Trigger: Location is ready to enable SaaS features
Actions: call POST /enable-saas/:locationId and handle response
POST /enable-saas/:locationId
locationId, status
Automate onboarding and setup without writing code
Keep data in sync across systems with minimal configuration
Use secure token based authentication for safer integrations
This section defines common terms and the flow from OAuth to location management and subscriptions
OAuth is an open standard for delegated authorization that allows apps to access user data without sharing passwords
A Location represents a SaaS account connected to GHL via the SaaS API. Each location can have its own subscriptions and status
A URL path and HTTP method used to perform actions against the SaaS API
A token used to authenticate API requests on behalf of a user or app
Trigger a welcome sequence in AccessAlly when a new SaaS location is added
Automatically adjust AccessAlly member levels based on SaaS usage or payments
Schedule token rotations and audit logs for compliance
Register your SaaS API app in the AccessAlly dashboard and obtain client credentials
Add GET POST and PUT endpoints and set oauth.readonly scope
Run tests verify token exchange monitor logs and switch to live mode
SaaS API integration with AccessAlly enables automatic data flow between systems. You can pull installed locations and push updates to subscriptions from a single workflow. This reduces manual work and helps keep user access current across platforms. This setup supports scalable onboarding and ongoing synchronization, so new locations and changes are reflected in AccessAlly without extra coding or manual steps.
OAuth permissions start with the oauth readonly scope for read operations. If you need to manage tokens or perform writes you may require oauth write or specific endpoint permissions. Always follow the principle of least privilege and grant only what is needed. Remember to rotate tokens, store them securely and monitor access to protect your users data.
Essential endpoints for initial setup include GET /oauth/installedLocations to discover current connections and POST /oauth/locationToken to obtain access tokens. You will also use PUT /update-saas-subscription/:locationId to synchronize subscriptions and POST /enable-saas/:locationId to turn on SaaS features per location. Additional endpoints like saas/location.write can help create or update location associations as your integration evolves.
To obtain the locationToken you first authorize the SaaS API app in the AccessAlly dashboard. After approval you call POST /oauth/locationToken with your client credentials to receive an access token and refresh token. Store these tokens securely and use them in subsequent API calls. Regularly refresh tokens before they expire and log token activity for auditing purposes.
Yes you can enable SaaS features per location by using the enable-saas endpoint with the location identifier. This allows granular control and makes it easy to roll out features to specific accounts without affecting others. Monitor status responses to ensure that each location is correctly enabled and functional before proceeding with downstream automations.
Token storage should be encrypted and access restricted to authorized services only. Implement token rotation schedules and maintain audit logs for all token events. Use secure storage mechanisms provided by your hosting environment and follow your teams security policy for data in transit and at rest. Always implement least privilege and monitor for unusual access patterns to protect sensitive integration credentials.
Begin with a dedicated sandbox or test environment and use test data for all calls. Verify the token exchange workflow, validate endpoint responses, and review logs to confirm correct behavior. Once testing passes, migrate to live mode with ongoing monitoring. Document every step and create rollback procedures in case an endpoint behaves unexpectedly during live operations.
Due to high volume, we will be upgrading our server soon!
Complete Operations Catalog - 126 Actions & Triggers
