Connecting your Kit account

dough requires a connection to your Kit (formerly ConvertKit) account to work. The connection uses OAuth 2.0, Kit’s standard authorization flow for App Store apps. Your credentials are never stored by dough — only encrypted access tokens.

Before you connect

You need:

• A Kit account with an active plan (free or paid).
• A verified dough account — you must verify your email before connecting Kit.

Connecting Kit

1. Log in to dough and go to Settings > Kit Connection.
2. Click Connect Kit.
3. You are redirected to Kit’s authorization page. Review the permissions dough is requesting.
4. Click Authorize to grant access.
5. Kit redirects you back to dough. You should see a green “Connected” badge.

The entire process takes about 30 seconds.

Required permissions

dough requests the following Kit OAuth scopes:

Scope	Why dough needs it
subscribers:read	Read subscriber data for segmentation and analytics.
subscribers:write	Write dietary preference tags and custom fields to subscribers.
broadcasts:read	Check existing broadcasts to avoid duplicates.
broadcasts:write	Create broadcast drafts with recipe cards.
tags:read	Read existing tags to avoid naming conflicts.
tags:write	Create dietary and recipe tags on subscribers.
sequences:read	Check if a subscriber is already in a sequence before enrolling them.
forms:read	List existing forms.
purchases:write	Record purchase events for revenue attribution.
webhooks:write	Register webhooks for subscriber events, link clicks, and purchases.

Note

All permissions are required. If you decline any scope, dough will not be able to function correctly and will prompt you to re-authorize with all scopes.

What happens after connecting

Once connected, dough:

1. Registers webhooks for subscriber events, link clicks, and purchases.
2. Creates the custom fields it needs (tags and fields).
3. Makes your Kit subscriber data available for segmentation.

No data is modified until you take an action (like sending a recipe card or confirming dietary tags).

Token management

dough manages your Kit access tokens automatically:

• Tokens are encrypted at rest using AES-256-GCM encryption. They are never stored in plain text.
• Tokens are refreshed automatically — dough refreshes your token before it expires (5 minutes before the expiration time).
• Tokens are never sent to your browser — all Kit API calls happen server-side.

Disconnecting

If you need to disconnect your Kit account:

1. Go to Settings > Kit Connection.
2. Click Disconnect.
3. dough removes the stored tokens and deregisters all webhooks.

After disconnecting:

• Recipe cards in already-sent emails continue to work (they are static HTML).
• The “Save This Recipe” button in already-sent emails will continue to redirect but will not tag subscribers or record engagement.
• You cannot insert new recipe cards, create broadcast drafts, or use any Kit-dependent features until you reconnect.

Caution

Disconnecting does not remove tags or custom fields that dough already created in your Kit account. Those remain in Kit and can be managed directly in Kit’s interface.

Handling connection issues

If Kit reports an error or your token cannot be refreshed:

• dough marks your connection as disconnected and shows a warning on your dashboard.
• All Kit-dependent features are disabled until you reconnect.
• To reconnect, go to Settings > Kit Connection and click Reconnect. You will go through the OAuth flow again.

Common reasons for disconnection:

• You changed your Kit password.
• You revoked dough’s access in Kit’s App Store settings.
• Kit experienced a temporary outage that caused the token refresh to fail.