นักพัฒนา

สร้างต่อยอดบน Dive Admin — เชื่อมต่อเว็บไซต์ของคุณ, สร้างเวิร์กโฟลว์อัตโนมัติ, เชื่อมต่อ AI assistant หรือเพิ่ม "เข้าสู่ระบบด้วย DiveAdmin" ในไซต์ดำน้ำของคุณ

ในหน้านี้

Overview & integration options
Getting started
Zapier — Authentication
Zapier — Create Lead
WordPress — Create Lead

MCP Server (Claude, ChatGPT, Gemini)
OAuth 2.1 — Login with DiveAdmin
REST API
Support

ภาพรวม

Dive Admin มีช่องทางการเชื่อมต่อหลายรูปแบบ แต่ละแบบเหมาะสำหรับการใช้งานที่แตกต่างกัน:

การเชื่อมต่อ	ใช้สำหรับ	Auth	ตั้งค่าใน
Zapier	No-code automation with 7,000+ apps	API key	Settings › Integrations › Zapier
WordPress	Lead forms on your WordPress site	API key	Settings › Integrations › WordPress
MCP Server	Let Claude, ChatGPT, or Gemini read and act in your Dive Admin account — same tools as Coral, scoped per dive school	Bearer token or OAuth	Settings › Integrations › MCP Server
OAuth 2.1	Add "Login with DiveAdmin" to another site, or build a custom app that a diver authorises on your behalf	authorization_code + PKCE	Contact us (DiveAdmin staff register first-party apps)
REST API	Custom backend integrations	API key	Contact us

เริ่มต้นใช้งาน

การเชื่อมต่อส่วนใหญ่ต้องใช้ API key สร้างได้ในบัญชี Dive Admin ของคุณที่ การตั้งค่า > การเชื่อมต่อ

All API requests should be made to: https://diveadmin.com/api/v1/

การยืนยันตัวตน (API keys)

API key สามารถส่งได้ด้วยวิธีใดวิธีหนึ่งต่อไปนี้:

Header: api_key or X-API-Key
Request Body: api_key parameter

MCP and OAuth integrations use bearer-token / OAuth flows — see their sections below.

API Endpoints

การยืนยันตัวตน Zapier

Endpoint

GET/POST https://diveadmin.com/api/v1/zapier/authenticate

คำอธิบาย

Verifies your API key and returns your dive school information. This endpoint is used by Zapier to authenticate your connection.

การยืนยันตัวตน

Requires a Zapier API key (created in Settings > Integrations > Zapier Integration)

Request Headers

api_key: your_zapier_api_key
# OR
X-API-Key: your_zapier_api_key

การตอบกลับ (สำเร็จ - 200)

{
  "status": "1",
  "school_name": "Your Dive School Name",
  "school_id": 123
}

การตอบกลับ (ข้อผิดพลาด - 401)

{
  "status": "0",
  "message": "Invalid API Key"
}

Zapier สร้าง Lead

Endpoint

POST https://diveadmin.com/api/v1/zapier/create-lead

คำอธิบาย

Creates a new lead in Dive Admin. If a diver with the same email exists, the lead will be associated with that diver. Otherwise, a new diver will be created.

การยืนยันตัวตน

Requires a Zapier API key (created in Settings > Integrations > Zapier Integration)

Request Headers

Content-Type: application/json
api_key: your_zapier_api_key
# OR
X-API-Key: your_zapier_api_key

พารามิเตอร์ใน Request Body

พารามิเตอร์	ประเภท	จำเป็น	คำอธิบาย
`first_name`	string	Yes	First name of the lead/diver (max 255 characters)
`surname`	string	No	Last name of the lead/diver
`email`	string (email)	No	Email address (used to find existing divers)
`phone` or `mobile`	string	No	Phone number (either field name works)
`status`	string	No	Lead status: `enquiry`, `sale`, `process`, or `lost` (default: `enquiry`)
`value`	numeric	No	Lead value/amount (default: 0)
`message`	string	No	Lead message/notes (default: "No Message.")
`arrival_date`	date string	No	Arrival date (format: YYYY-MM-DD or any date format Laravel can parse)
`departure_date`	date string	No	Departure date (format: YYYY-MM-DD or any date format Laravel can parse)
`group_size`	integer	No	Number of people in the group

ตัวอย่างคำขอ

POST /api/v1/zapier/create-lead
Content-Type: application/json
api_key: your_zapier_api_key

{
  "first_name": "John",
  "surname": "Doe",
  "email": "[email protected]",
  "phone": "+1234567890",
  "status": "enquiry",
  "value": 500,
  "message": "Interested in PADI Open Water course",
  "arrival_date": "2024-06-15",
  "departure_date": "2024-06-20",
  "group_size": 2
}

การตอบกลับ (สำเร็จ - 201)

{
  "status": "1",
  "message": "Lead Created",
  "lead_id": 123,
  "diver_id": 456
}

การตอบกลับ (ข้อผิดพลาด - 401)

{
  "status": "0",
  "message": "Invalid API Key"
}

หมายเหตุ

Leads are automatically tagged with source_channel: 'zapier'
Lead notification emails are automatically sent when a lead is created
The system automatically creates or finds existing divers based on email, first name, and surname

WordPress สร้าง Lead

Endpoint

POST https://diveadmin.com/api/v1/wordpress/newlead

คำอธิบาย

Creates a new lead from a WordPress website. If a diver with the same email exists, the lead will be associated with that diver. Otherwise, a new diver will be created.

การยืนยันตัวตน

Requires a WordPress API key (created in Settings > Integrations > Wordpress Website)

Request Headers

Content-Type: application/json
api_key: your_wordpress_api_key
# OR
X-API-Key: your_wordpress_api_key

พารามิเตอร์ใน Request Body

พารามิเตอร์	ประเภท	จำเป็น	คำอธิบาย
`first_name`	string	No	First name of the lead/diver (default: "?")
`surname`	string	No	Last name of the lead/diver (default: "?")
`email`	string (email)	No	Email address (used to find existing divers)
`phone`	string	No	Phone number
`status`	string	No	Lead status (default: `enquiry`)
`value`	numeric	No	Lead value/amount (default: 0)
`message`	string	No	Lead message/notes (default: "No Message.")
`arrival_date`	date string	No	Arrival date

ตัวอย่างคำขอ

POST /api/v1/wordpress/newlead
Content-Type: application/json
api_key: your_wordpress_api_key

{
  "first_name": "Jane",
  "surname": "Smith",
  "email": "[email protected]",
  "phone": "+1234567890",
  "status": "enquiry",
  "value": 300,
  "message": "Interested in diving trip",
  "arrival_date": "2024-07-01"
}

การตอบกลับ (สำเร็จ - 200)

{
  "status": "1",
  "message": "Lead Created"
}

การตอบกลับ (ข้อผิดพลาด - 200 พร้อมสถานะข้อผิดพลาด)

{
  "status": "0",
  "message": "Invalid API Key"
}

หมายเหตุ

Leads are automatically tagged with source_channel: 'wordpress'
Lead notification emails are automatically sent when a lead is created
The message field will automatically append " - Created via WordPress Plugin"

MCP Server

The Model Context Protocol (MCP) lets AI assistants like Claude Desktop, ChatGPT and Gemini call tools in your Dive Admin account on your behalf. It's the same tool set that powers our in-app assistant, Coral — search divers, look up trips, create leads, send invoices, print manifests, and more.

Every request is scoped to a single dive school, runs as the user who issued the token, and enforces that user's live staff permissions. Tools outside the token's allowed scope are never exposed.

Endpoint และการค้นพบ

MCP endpoint

POST https://diveadmin.com/api/v1/mcp

JSON-RPC 2.0 over HTTP. Supported methods: initialize, tools/list, tools/call, ping.

ข้อมูลเมตาสำหรับการค้นพบ

GET https://diveadmin.com/.well-known/oauth-protected-resource — points MCP clients at the authorization server (RFC 9728).
GET https://diveadmin.com/.well-known/oauth-authorization-server — OAuth server metadata (RFC 8414).

การยืนยันตัวตน

Two options:

Static token — created in Settings › Integrations › MCP Server. Simplest for self-hosted setups (Claude Desktop / Claude Code config). Tokens look like mcp_….
OAuth access token — for app-store-listed MCP clients. The token must have the mcp scope.

Send the token as: Authorization: Bearer <token>

ตั้งค่าใน Claude Desktop

Open Claude Desktop › Settings › Developer › Edit Config and add:

{
  "mcpServers": {
    "diveadmin": {
      "transport": "http",
      "url": "https://diveadmin.com/api/v1/mcp",
      "headers": { "Authorization": "Bearer YOUR_TOKEN_HERE" }
    }
  }
}

Clients that support OAuth discovery can skip the token-paste step: point them at the MCP URL and they will follow the WWW-Authenticate header to the authorization server, prompt the user to sign in, and receive an access token automatically.

รูปแบบความปลอดภัย

Tokens hashed (SHA-256) at rest — plaintext shown once and never stored.
IP-based brute-force lockout (10 failures → 15-minute cool-down).
Per-token rate limit (120 requests/minute).
Revoking a token or disabling the integration takes effect immediately.
OAuth diveadmin.<permission> scopes (e.g. diveadmin.leads) narrow which tools a token can reach.

OAuth 2.1 — เข้าสู่ระบบด้วย DiveAdmin

Use OAuth 2.1 to add "Login with DiveAdmin" to your own site, to build apps that call Dive Admin on a user's behalf, or to list an MCP client in the Claude / ChatGPT directories. The flow is standard authorization-code + PKCE, so Laravel Socialite, openid-client, oauth2-client (PHP League), simple-oauth2 (Python) and most other libraries work out of the box.

Endpoints

Metadata (RFC 8414)	`GET https://diveadmin.com/.well-known/oauth-authorization-server`
Authorize	`GET https://diveadmin.com/oauth/authorize`
Token	`POST https://diveadmin.com/api/oauth/token`
User info	`GET https://diveadmin.com/api/oauth/userinfo`
Revoke (RFC 7009)	`POST https://diveadmin.com/api/oauth/revoke`
Dynamic registration (RFC 7591)	`POST https://diveadmin.com/api/oauth/register`

Flow ที่รองรับ

Authorization code + PKCE (S256). Public clients must send code_challenge; confidential clients authenticate at the token endpoint via HTTP Basic or client_secret_post.

Scopes

Scope	วัตถุประสงค์
`openid`	Sign the user in
`profile`	Return name at `/userinfo`
`email`	Return email + verified flag at `/userinfo`
`mcp`	Use the MCP server with this token
`offline_access`	Issue a refresh token
`diveadmin.<perm>`	Narrow MCP/API access to a specific DiveStaff permission (e.g. `diveadmin.leads`, `diveadmin.divers`, `diveadmin.finance_invoices`)

การลงทะเบียนแอปพลิเคชัน

First-party apps (including "Login with DiveAdmin" on your own diving website): contact DiveAdmin support to register your app. We enter the redirect URI(s), pick scopes, and issue a client_id (and client_secret if confidential).

Third-party apps (e.g. a commercial MCP client listed in a directory): POST to the dynamic registration endpoint with your name, redirect URIs and grant types. Tokens require an end-user consent screen at first use.

ตัวอย่าง: เข้าสู่ระบบด้วย DiveAdmin

1. Redirect the user to:
   https://diveadmin.com/oauth/authorize?response_type=code
     &client_id=YOUR_CLIENT_ID
     &redirect_uri=https://yoursite.com/auth/diveadmin/callback
     &scope=openid+profile+email
     &state=RANDOM_NONCE
     &code_challenge=BASE64URL(SHA256(verifier))
     &code_challenge_method=S256

2. On callback, exchange the code for tokens:
   POST https://diveadmin.com/api/oauth/token
     grant_type=authorization_code
     code=...
     redirect_uri=https://yoursite.com/auth/diveadmin/callback
     client_id=YOUR_CLIENT_ID
     code_verifier=... (PKCE verifier)

3. Fetch the user's profile:
   GET https://diveadmin.com/api/oauth/userinfo
     Authorization: Bearer <access_token>
   => { "sub": "123", "name": "...", "email": "...", "email_verified": true }

รูปแบบความปลอดภัย

Client secrets, authorization codes and tokens are all SHA-256 hashed at rest.
Redirect URIs are exact-match — no wildcards, no subpaths.
Authorization codes are single-use and expire after 10 minutes.
Refresh tokens rotate on use (the old one stops working).
Access tokens are revocable; disabling a client or revoking a user's consent invalidates tokens immediately.
Scopes can never exceed the owning user's live DiveStaff permissions.

REST API

We publish individual REST endpoints for each supported integration (Zapier, WordPress, Wix, Shopify — documented above and in the integration-specific setup guides). A general-purpose REST API key is also available under Settings › Integrations › REST API, but the surface of that API is currently bespoke per integration.

If you need a custom REST integration with a specific endpoint shape, please contact us — we prioritise the endpoints our customers actually need rather than shipping a large speculative surface.

For AI-driven read/write access, we recommend MCP — it already exposes the full Coral tool set, with permission scoping and discovery baked in.

ต้องการความช่วยเหลือ?

If you need assistance with API integration or have questions about these endpoints, please contact us.