Skip to main contentSkip to search
Skip to main content

Cobot Captive Portal Integration

IronWiFi validates Cobot member WiFi logins in real time by calling the Cobot REST API at each captive portal login attempt. There is no account sync — the captive portal asks Cobot whether the member exists and whether their membership is currently active, and grants or denies WiFi based on the response. Cobot remains the source of truth for members and plans.

How It Works

  1. A member connects to the WiFi SSID and is redirected to your IronWiFi captive portal.
  2. The member submits their Cobot email and password on the splash page.
  3. IronWiFi POSTs those credentials to the Cobot API endpoint you configured on the captive portal's REST API authentication provider, passing your Cobot API token as a Bearer header.
  4. Cobot validates the credentials and the member's active membership, then returns 
    2xx
    to allow the session or 
    4xx
    to reject it.
  5. IronWiFi grants or denies the WiFi session based on the response.

The request and response contract is described in External Authentication via REST API.

Prerequisites

  • An IronWiFi account with a captive portal already created. See Captive Portals.
  • A Cobot account with admin access and the ability to issue an API token (typically via an OAuth application under Setup > OAuth applications).
  • A walled garden on your captive portal that allows the Cobot API hostname (see Walled Garden below).

Setup

In Cobot

  1. Log in to your Cobot admin at 
    https://yourspace.cobot.me
    .
  2. Go to Setup > OAuth applications and create a new application (for example, named IronWiFi Captive Portal). Capture:
    • The Client ID and Client Secret, or
    • A long-lived API access token with permission to read memberships.
  3. Note your Cobot subdomain — it forms the base URL for the Cobot API.
  4. Store the token securely — you will paste it into IronWiFi next.

In IronWiFi

  1. Open the IronWiFi Console and go to Captive Portals.
  2. Select the captive portal you want members to authenticate against.
  3. Go to Authentication Providers > Add and choose REST API.
  4. Configure the provider:
    • Endpoint URL: The Cobot endpoint for your space that validates the captive portal credential payload.
    • Bearer Token: The Cobot access token from the previous section.
  5. Save the provider. For field-by-field details, see the REST API provider configuration reference.
  6. Make sure the REST API provider is enabled on the captive portal's login page.

Walled Garden

Add the Cobot API hostnames to the captive portal's walled garden so the provider endpoint is reachable before the user is authenticated:

See Walled Garden for how to edit the list.

Testing

  1. Connect a test device to the SSID and wait for the captive portal to load.
  2. Log in with a known-active Cobot member — you should be granted WiFi.
  3. Try a cancelled or trial-expired member — the captive portal should show an authentication failure.
  4. In the IronWiFi Console, check the captive portal session log to confirm the request hit the Cobot API and returned the expected 
    2xx
    or 
    4xx
    .

Troubleshooting

  • 401/403 from Cobot — the API token is missing, wrong, or lacks the required scope. Reissue it from your Cobot OAuth application and re-paste into the REST API provider.
  • Request never reaches Cobot — the Cobot hostname is missing from the walled garden. Add it and retest.
  • Active members are rejected — confirm the member's membership is currently active in Cobot and that the subdomain in the endpoint URL is correct.
  • Previously working logins suddenly fail — the Cobot token may have been revoked or expired. Issue a new one and update the provider.

Was this page helpful?