HomeGuidesAPI Reference

Linking with Orgs

Merit Apps can act on behalf of Orgs by asking Org Admins to "Link with" their App. Every Merit App has an App ID and an App Secret which are used to request a LinkAppUrl and obtain Org Access Tokens which can be used to authenticate requests on behalf of Merit Organizations.

Suggest Edits

Web Flow

In order for your App to work on behalf of third-party Orgs (ones other than your own Org), you'll need to add a "Linking" web flow to your own software.

Somewhere in your software you may show a "Link with Merit" button, which should trigger a call to the Request LinkApp Url endpoint, documented here: https://developer.merits.com/reference#request-linkapp-url

Your App may request some combination of the following permissions:
CanManageOrg, which will allow your App to take any of the actions listed below on an Org, or a combination of the permissions in the table.

Permission TypeWhat it grants
CanEditOrgEdit Org Details
CanManageAllMeritTemplatesCreate and edit Merit Templates and Fields
CanSendAllMeritTemplatesSend and edit Merits
CanProposeAllMeritTemplatesPropose sending and editing Merits
> curl -X POST https://api.merits.com/v2/request_linkapp_url --user {appId}:{appSecret} -H "Content-Type: application/json" -d '{ "requestedPermissions": [{ "permissionType": "CanManageOrg" }], "successUrl": "/goodpath", "failureUrl": "/badpath", "state": "state" }'
{ "request_linkapp_url": "https://merits.com/link-app/?token=5aa5a3992bfa4e0006c47cdf", "expiration": "2019-01-31T18:48:51.000Z" }

Once you receive a request_linkapp_url from this endpoint, which will look like the following: https://merits.com/link-app?token={token}, re-direct your user to this special authorization page for your App.

Org ID Token

If a Merit Member chooses an Org to link your App with, they'll be redirected to your site along with a signed "Org ID Token" in a orgIdToken URL parameter. This token can be exchanged for an Org ID which in turn can be used to get an Org Access Token for the Organization Find out More , at which point you can begin making requests to the Merit API on behalf of the Organization!

To exchange an Org ID Token for an Org ID, just use the Org ID endpoint:

> curl https://api.merits.com/v2/org_id?org_id_token={orgIdToken} --user {appId}:{appSecret}
{ "orgId": "{orgId}" }

Once you have the Org ID, request your first Org Access Token:

> curl https://api.merits.com/v2/orgs/{orgId}/access --user {appId}:{appSecret}
{ "orgAccessToken": "{orgAccessToken}" }

And now you're ready to start making requests:

curl -H "Authorization: Bearer {orgAccessToken}" https://api.merits.com/v2/example/endpoint

Updated almost 5 years ago