This is a sample request for help, to get the party started.
What are the best practices for reliably figuring out if a patron should receive access to the content on my application? Which field in the API should I be using, and how should I treat this?
I coincidentally want to know the answer to this question!
Take me, for example. I’m a Patreon creator who posts guitar videos. One of my rewards, for a certain pledge level, is sheet music/tablature of my playing. How can I use the API to ensure that a given patron paid for a particular video of mine?
To be crystal clear about this: if you paid for the video I posted in October, you should get access to the sheet music for that video. But if you became my patron today (after Patreon already charged patrons for October’s video), you shouldn’t have access to that sheet music. You didn’t pay for it, after all.
As I read your docs, I can figure out how I’d implement access controls on the level of “is this person a patron at XX pledge level or not?”, but I’m not seeing how I can confirm a patron paid for a specific video.
If this isn’t possible, it seems to be quite a big loophole. What am I missing?
Yes! As you can imagine, this is something that matters to many creators. Thank you for articulating that aspect so well.
I’m going to give a quick short-answer response, and hope to get more knowledgeable people to follow up, if that’s alright.
Bad news: Right now, you’ve got it right. And it definitely is a loophole, depending on how you run your membership business (how important back-access and content itself figures into your rewards, there’s so many approaches to membership as you can imagine).
Good news: Internally at Patreon we’ve reconfigured a lot of things to be able to answer that more complex question, and once it’s ready for product use, we want to expose that information as an API scope.
I hope that’s helpful - even if admittedly not the greatest answer as of right now.
It is possible, but you can’t do it through Patreon’s API alone (yet, hopefully!). You’d need something on your end to store user data pulled from the API, either at the time the video was posted, or via the webhooks. Basically you need to keep track of the user access data for each particular video.
So, you can do it, but it requires more work than just a simple API call.