Overview
Many website integrations depend on API credentials. Preparing them correctly helps XMLA connect services faster while reducing the risk of exposed passwords or broken permissions.
When this helps
Use this guide before connecting CRMs, payment tools, email platforms, booking systems, analytics tools, membership apps, or custom software to your website.
Recommended steps
- Confirm which platform needs to be connected and what the integration should do.
- Create a dedicated API key or app user instead of sharing a personal login when possible.
- Limit permissions to the features required for the integration.
- Record the account owner, expiration rules, allowed domains, and any webhook URLs.
- Send credentials through the approved secure submission method instead of email or chat.
Information XMLA may need
- Platform name and login URL
- API key, client ID, client secret, or app password
- Webhook signing secret if available
- Required scopes or permissions
- Test account details when available
Next step
If you are unsure which permissions are safe, send the platform name to XMLA and we can tell you what access level is appropriate.
