In addition to the Embed functionality, ChurchSuite provides both API and JSON feeds for web developers, ideal for creating custom app applications or additional integrated website features using the data in your ChurchSuite account.
Suitable where GET and POST functionality is required for a web or app application.
Suitable where GET-only functionality is required for your custom application.
Suitable for non-developers to integrate ChurchSuite features into your existing website with a simple "copy and paste" of a single line of embed code that provided in ChurchSuite's module options area.
In our experience, making use of the JSON feed is the most appropriate choice for the vast majority of churches. It is available to all accounts, requires less work for a developer to work with and maintains a higher level of security for your account.
API access is reserved for "full suite" customers only i.e. those subscribing to all ChurchSuite modules. However, JSON feeds are freely available to all customers, provided they have the relevant module on their account, e.g. Calendar or Small Groups.
A request for an API key should be requested through the designated ChuchSuite account contact for your church. API access is linked to a user account - we therefore recommend adding a new user account for API (rather than piggy-backing an existing user profile). In this way you can assign that API user account with just the module permissions necessary for the API application. We'll then provide you with a API token for that user account.
JSON feeds pull back the entire body of data in a call, whereas API data is paginated. JSON provides read-only access to your account data using GET, while API can be used for POST/PUT/DELETE applications that need to write back data to your ChurchSuite account. Bear in mind that API doesn't generally provide any more access to data than is available through a JSON feed, in fact it's more work for your developer! JSON feeds respect the "Show in embed" visibility settings for groups and events, working in the same was as Embed, meaning that "internal-only" events are excluded from the feed.
A consideration with API is that if your church website is compromised and the API key is obtained, a hacker would have access to the data within the modules you've made available to the API user account.