BigAmbitions Membership & Login Bridge for GlueUp

BigAmbitions Membership & Login Bridge for GlueUp is an independent integration tool designed for organizations using the GlueUp platform (formerly EventBank). It provides a secure, branded gateway that bridges your WordPress site with your GlueUp database, allowing members to log in using their GlueUp credentials.

This plugin is not affiliated with, endorsed by, or officially connected to GlueUp. It simply integrates with the publicly available GlueUp API.

Unlike standard login plugins, this bridge doesn’t just check passwords—it validates the user’s real-time membership status. It ensures that only members in good standing (Active, Soon-to-Expire, or in a Grace Period) can access your protected content.

Key Features:
* Real-time API Authentication: Authenticate members securely against the GlueUp API.
* Intelligent Membership Check: Automatically verify if a member is Active, Soon-to-Expire, or in a Grace Period before allowing access.
* Organization-First White-Labeling: Customize the login experience with your own company name.
* Seamless Profile Sync: Automatically synchronize user names and company details from GlueUp to WordPress.
* Security First: Built with CSRF protection, data sanitization, and compatibility with brute-force protection plugins.
* Developer Friendly: Simple shortcode integration [glueup_login_form] and a clean administration dashboard.

External services

This plugin connects to the GlueUp API to authenticate members and verify their membership status.

Authentication (Login)

When a user submits the login form, the plugin sends their email address and an MD5-hashed password to the GlueUp session endpoint to obtain an authentication token.
Endpoint: https://api.glueup.com/v2/user/session

Membership Verification

After authentication, the plugin sends the session token to the GlueUp membership endpoint to check whether the user has an active membership.
Endpoint: https://api.glueup.com/v2/membership/activeApplicationList

Data transmitted

• User email address (on login)
• MD5-hashed user password (on login)
• Session token (on membership verification)
• API public and private keys (as HMAC authentication headers)

This data is only sent when a user actively submits the login form. No data is sent passively or on page load.

Service provider

These services are provided by GlueUp (https://www.glueup.com).
* Terms of Use: https://www.glueup.com/terms
* Privacy Policy: https://www.glueup.com/privacy