Thinkific Ops — Install & Setup
Requirements
- WordPress 6.0+
- PHP 8.0+
- An active Thinkific school with API credentials
- Access to
wp-config.php
Step 1 — Upload and activate
Upload the bb-saas-thinkific-ops folder to /wp-content/plugins/ and activate the plugin in WordPress.
Step 2 — Add the encryption key
Credentials are encrypted at rest. Before you can save any API credentials, add a secret key to wp-config.php:
define( 'BB_FW_ENCRYPTION_KEY', 'replace-with-a-long-random-secret' );
Use a random string of at least 32 characters. Keep this value out of version control.
If this constant is missing, the settings screen will display a warning and credentials will not save.
Step 3 — Enter your Thinkific credentials
Open Thinkific Command Center → Settings and fill in:
- Thinkific subdomain — the part before
.thinkific.comin your school URL - API key — from your Thinkific admin under Settings → API
- API token — from the same screen
Save settings, then click Run connection test to confirm the plugin can reach the Thinkific API.
Step 4 — Run initial sync
Click Sync now from the Settings screen. Wait for the sync to complete, then check the Overview, Revenue, and Learners screens to confirm data is arriving.
If the screens are empty after sync, confirm Thinkific has active courses, learners, and enrollments.
Optional — Attribution endpoint protection
Most installs can skip this section.
Use endpoint protection only if you need to lock down how attribution events are accepted.
When should I enable this?
- Use signed requests if attribution events are sent server-to-server (for example, via HubSpot Forms integration). If you're using our BB HubSpot Forms plugin, this is handled automatically.
- Use captcha mode if attribution events are submitted from public browser traffic and you want bot protection.
Choose one mode and add its constants to wp-config.php.
Option A — Signed requests (recommended for HubSpot Forms)
define( 'BB_TFO_ATTRIBUTION_SECRET', 'your-shared-secret' );
What this does:
- requires incoming attribution payloads to include a valid signature
- blocks unsigned or tampered requests
Option B — Captcha protection (recommended for public form traffic)
define( 'BB_TFO_CAPTCHA_PROVIDER', 'turnstile' ); // recaptcha_v3, turnstile, or hcaptcha
define( 'BB_TFO_CAPTCHA_SECRET', 'your-captcha-secret-key' );
What this does:
- verifies a captcha token before attribution payloads are accepted
- reduces automated abuse on public endpoints
What the base plugin provides
| Screen | What it shows |
|---|---|
| Overview | 30-day enrollment, revenue, attribution coverage, and learner risk snapshot |
| Revenue | Enrollments and revenue by course with UTM attribution, date filtering, and CSV export |
| Learners | Learner list with risk status, activity, and search — filterable and exportable |
| Settings | Credentials, sync controls, demo mode, and debug mode access |
Modes
Read-only mode is enabled by default and blocks any write operations to Thinkific. Leave it on unless you have a specific reason to write data back.
Demo mode swaps all analytics reads to isolated demo tables. Use it for walkthroughs, screenshots, or testing without touching live data. Live data is not affected while demo mode is active.
Debug mode unlocks additional diagnostic screens. It requires all three constants to be set:
define( 'BB_TFO_DEBUG', true );
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
Never leave debug mode enabled in a production environment.
Next step
For Pro features (Revenue Intelligence, Learner Intelligence, and Alert Rules), see Thinkific Ops Pro.