Because you're a partner and integrator of JustGiving's API, I wanted to let you know about some important changes coming soon.
Starting in Q2 of 2025, we'll be ending support for our API's Basic Authentication functionality.
Here's what you need to know and what to do next.
What's Basic Authentication and what's changing?
Basic Authentication is one of the methods used to validate a user’s login credentials when creating JustGiving pages using the API. However, this method allows bad actors with malicious intent to attempt accessing accounts that aren't theirs by continuously testing login credentials on third party applications.
By switching to a more secure process, we'll ensure supporters' personal data remains safe and protected. This also means you won't have to handle any user credentials and enables us to expand our range of authentication methods in the future.
What do I need to do next?
To ensure fundraisers can continue supporting you, it's critical you change the way fundraisers authenticate when creating JustGiving pages from your website.
We're happy to help you transition to one of the below authentication methods.
OAuth - Recommended
With OAuth, the entire sign-in process happens on our secure website.
Try a demo of OAuth on JustGiving here, or see below for more information:
Unclaimed Page Creation
We understand that OAuth may not be suitable in some scenarios. In this instance, we recommend using Unclaimed Page Creation.
This enables you to create an unclaimed fundraising page, which your supporter can then claim via a Claim Page link. We recommend surfacing the Claim Page link at the end of registration and storing the URL, as each user can only claim their page via that specific link.
As always, I'm more than happy to jump on a call and work through your application to talk about what works best for you.
For any questions or help, please email us at developer@justgiving.com, and we can set up a call. Thanks and we look forward to working with you!
0 Comments