Connecting Mailchimp via OAuth

Getting Started | 5 min read | Published: November 2025

Connect your Mailchimp account securely using OAuth. More secure than API keys, with automatic token refresh and centralized management.

What You'll Learn

  • Why OAuth is more secure than API keys
  • How to connect via OAuth
  • How to manage your connection
  • How to troubleshoot connection issues

Time: 3 minutes
Difficulty: Beginner

Why Use OAuth?

OAuth provides a more secure way to connect your Mailchimp account compared to API keys. With OAuth, you don't need to manage API keys manually, and tokens refresh automatically.

Benefits

Enhanced Security:

  • No API keys to manage
  • Tokens stored securely
  • Automatic token refresh
  • Revocable access

Better Experience:

  • One-click connection
  • Multi-device support
  • Seamless updates
  • Dashboard integration

OAuth Connection Process

Step 1: Access Your Account Dashboard

  1. Visit alienlifestyles.com/account
  2. Sign in with your account
  3. Navigate to "Mailchimp Connection" section

Step 2: Initiate OAuth Flow

  1. Click "Connect Mailchimp" button
  2. You'll be redirected to Mailchimp's authorization page
  3. Review permissions requested
  4. Click "Authorize" to grant access

Step 3: Authorization

What Mailchimp Asks For:

  • Read access to your Mailchimp account
  • Write access (for paid tier features)
  • Access to audiences and campaigns
  • Access to reports and analytics

You Control:

  • Which permissions to grant
  • Can revoke access anytime
  • Can reconnect if needed

Step 4: Confirmation

  1. Mailchimp redirects back to your dashboard
  2. Connection status shows "Connected"
  3. Connection date displayed
  4. Token expiration information shown

Step 5: Automatic Setup

MCP Server Integration:

  • MCP server detects OAuth connection
  • Fetches tokens from backend automatically
  • Uses OAuth tokens for API calls
  • No manual configuration needed

Managing Your Connection

View Connection Status

In Dashboard:

  • Connection status indicator
  • Last connected date
  • Token expiration info
  • Connection health

Status Indicators:

  • Connected: Active and working
  • Expiring Soon: Token expires in <7 days
  • Disconnected: Not connected

Token Refresh

Automatic Refresh:

  • Tokens refresh before expiration
  • Happens automatically
  • No action required
  • Seamless experience

Manual Refresh:

  • Click "Refresh Connection" if needed
  • Re-authorize if required
  • Connection updated immediately

Disconnect Mailchimp

When to Disconnect:

  • Switching Mailchimp accounts
  • Security concerns
  • Temporary disconnection
  • Testing purposes

How to Disconnect:

  1. Go to Mailchimp Connection section
  2. Click "Disconnect" button
  3. Confirm disconnection
  4. Connection removed
  5. Can reconnect anytime

After Disconnection:

  • OAuth tokens revoked
  • MCP server falls back to API key (if configured)
  • Can reconnect via OAuth anytime
  • No data lost

OAuth vs API Key

OAuth Advantages

Security:

  • Tokens encrypted in database
  • Automatic token rotation
  • Revocable access
  • No key exposure risk

Management:

  • Centralized in dashboard
  • Easy to disconnect/reconnect
  • Multi-device support
  • Better for teams

Experience:

  • One-click connection
  • Automatic token refresh
  • Seamless updates
  • Better error handling

API Key Advantages

Simplicity:

  • Direct configuration
  • No OAuth flow needed
  • Works offline
  • Familiar to developers

When to Use API Key:

  • Testing environments
  • Development setups
  • Offline scenarios
  • Legacy configurations

Troubleshooting

Connection Fails

Common Issues:

  • Authorization denied
  • Network errors
  • Redirect issues
  • Permission problems

Solutions:

  1. Check your internet connection
  2. Ensure popup blockers are disabled
  3. Try a different browser
  4. Clear your browser cache
  5. Contact support if the problem persists

Token Expiration

Symptoms:

  • Connection shows "Expiring Soon"
  • API calls fail
  • Need to reconnect

Solutions:

  • Tokens refresh automatically
  • Manual refresh if needed
  • Re-authorize if required
  • Check connection status

Permission Errors

Symptoms:

  • Some features don't work
  • Read-only access only
  • Write operations fail

Solutions:

  1. Check OAuth permissions granted
  2. Re-authorize with full permissions
  3. Verify subscription tier
  4. Contact support if needed

Best Practices

Use OAuth When Possible

  • More secure than API keys
  • Better user experience
  • Easier to manage
  • Recommended for production

Monitor Connection Status

  • Check dashboard regularly
  • Watch for expiration warnings
  • Refresh if needed
  • Keep connection active

Secure Your Account

  • Use strong account password
  • Enable 2FA when available
  • Review active connections
  • Disconnect unused devices

Fallback to API Key

  • Keep API key as backup
  • Use if OAuth unavailable
  • Switch back to OAuth when possible
  • Document both methods

Migration from API Key

Switching to OAuth

If Currently Using API Key:

  1. Connect via OAuth in dashboard
  2. OAuth tokens take precedence
  3. API key becomes fallback
  4. Can remove API key later

Benefits:

  • More secure connection
  • Better token management
  • Centralized control
  • Improved experience

Keeping Both

Hybrid Approach:

  • OAuth as primary
  • API key as fallback
  • Automatic fallback if OAuth fails
  • Best of both worlds

Security Considerations

Token Storage

How Tokens Are Stored:

  • Encrypted in database (AES-256)
  • Associated with your account
  • Never exposed to client
  • Secure transmission only

Access Control

Who Can Access:

  • Only your account
  • MCP server (authenticated)
  • Backend service (secure)
  • Never shared publicly

Revocation

Revoke Access:

  • Disconnect in dashboard
  • Revokes tokens immediately
  • MCP server stops working
  • Can reconnect anytime
