Authentication

WasteNot connects to your advertising and e-commerce platforms to sync data and manage audiences. This page covers how authentication works for platform connections (OAuth) and direct API access (API keys).

Platform connections (OAuth)

Most integrations in WasteNot use OAuth to securely connect to third-party platforms. When you add a new data source, you will be redirected to the platform to authorize WasteNot. Once authorized, WasteNot stores a secure token and handles refreshes automatically.

Currently supported OAuth connections:

  • Facebook Ads -- Connect your Meta Business account to sync audiences and manage ad campaigns.
  • Google Ads -- Authorize your Google Ads account for audience targeting and campaign management.
  • Shopify -- Connect your Shopify store to sync customer and order data.
  • Klaviyo -- Link your Klaviyo account to pull email and SMS engagement data.

OAuth tokens are automatically refreshed by WasteNot. If a token expires or is revoked on the platform side, you will see an authentication error in your data source settings and will need to reconnect.

Connecting a platform

To connect a new platform, navigate to Connectors in the WasteNot dashboard and click Add Data Source. Select the platform you want to connect and you will be redirected to authorize access.

Example OAuth flow

1. Navigate to Data Sources > Add Data Source
2. Select "Facebook Ads"
3. You are redirected to Facebook to authorize WasteNot
4. Facebook redirects you back to WasteNot with an access token
5. WasteNot securely stores the token and begins syncing data

Always ensure you are authorizing from an account with sufficient permissions. For advertising platforms, you typically need admin or advertiser-level access to the ad account.

API keys

For programmatic access to WasteNot, you can generate API keys from the dashboard under Settings > API Keys. API keys are scoped to your organization and carry the permissions of the member who created them.

Example API request with an API key

curl https://app.wastenot.com/api/v1/audiences \
  -H "Authorization: Bearer wn_live_k7cGNIBKZiNJ6wqF..."

Keep your API keys secure. Do not expose them in client-side code or commit them to version control. If you suspect a key has been compromised, revoke it immediately from Settings > API Keys and generate a new one.

Key management

API keys can be created, rotated, and revoked from the WasteNot dashboard. Each key can be given a descriptive name to help you track where it is used.

  • Name
    wn_live_*
    Type
    string
    Description

    Production API keys. Use these to access live data in your organization.

  • Name
    wn_test_*
    Type
    string
    Description

    Test API keys. These only access sandbox data and are safe for development.

When rotating a key, the old key remains valid for 24 hours to give you time to update your integrations. After 24 hours, the old key is permanently revoked.

Was this page helpful?