Connection & Authentication
7 articles
- 1 Connecting via OAuth2 The connection screen with the Connect with GoHighLevel button. Overview OAuth2 is the recommended connection method. Credentials are never stored in plain text and token refresh is handled automatically. Steps Go to Syncly > Settings > Connection (or use the Setup Wizard). Click Connect with GoHighLevel. You are redirected to GoHighLevel. Log in if prompted.... Read article
- 2 Manual API Token Authentication When to use this Use a manual API token if your server blocks outbound OAuth redirects or you need a quick way to test connectivity. Note: OAuth2 is recommended for production. Manual tokens do not auto-refresh and require manual updates when they expire. Getting your API key from GoHighLevel Log into GoHighLevel. Go to Settings... Read article
- 3 API Scope Detection What scope detection does When you connect, the plugin automatically probes which GHL API scopes your connection has access to. This determines which features are available. The plugin checks for: contacts, tags, custom fields, custom objects, associations, forms, locations, tasks, and opportunities. Where to see scope results Go to Syncly > Settings > Connection. After... Read article
- 4 Multi-Location and Agency Setup Overview Each WordPress site connects to exactly one GHL location (sub-account). All contacts, tags, and objects are scoped to that location. Agency setup: one site per location One WordPress install (or Multisite network) per client. Each site connects to its client’s GHL sub-account via OAuth2. Each site has its own field mapping, sync settings, and... Read article
- 5 Disconnecting and Reconnecting When you might need to disconnect Switching to a different GHL location Revoking and re-granting OAuth permissions Troubleshooting a persistent connection error Transferring the site to a different GHL account How to disconnect Go to Syncly > Settings > Connection. Click Disconnect. Confirm. The plugin clears stored OAuth tokens and location data. Note: Disconnecting does... Read article
- 6 Security Best Practices Credential storage OAuth2 tokens are encrypted using your WordPress site’s secret keys and salts before being stored in the database. Never stored in plain text. If your WordPress salts rotate, reconnect. Webhook security Inbound webhooks use a shared-secret header (x-ghl-token). The plugin auto-generates a secret. Add it to your GHL automation as a custom header... Read article
- 7 Connection Troubleshooting Red connection status on the dashboard Usually means the OAuth token expired and auto-refresh failed. Fix: go to Settings > Connection and click Reconnect. OAuth redirect fails or loops Your site is not on HTTPS. A security plugin or WAF is blocking the OAuth callback. Whitelist /wp-admin/admin-ajax.php. WordPress address and site address in Settings >... Read article