JSON Rest API

You can find a swagger-style list of routes/endpoints at Documentation for Api Version 3. This includes a complete list of endpoints along with a getting started guide.

The new work in progress for version 4 is located at: Documentation for Api Version 4.

Authentication and access levels

With the changes coming in v4, we’ve created a graphical overview for you to better understand the different authentication methods and their respective access levels. To understand the lattice: - The lattice below should be read top-down. - The boxes are the different roles that our backend knows about - For every box, there’s a set of “abilities” that the particular role can do. - If there is a line from A down to B, it means that A can do everything that B can do

graph TD; emplate[Emplate] profile[Profile Guests] anon[Anonymous Guests] public[Public Key Access] user[Dashboard Users] shop[Shop Users] emplate --- profile profile --- anon anon --- public emplate --- user user --- shop shop --- public

Roles

Below is an explanation of the different roles and their access. Please note that the list of abilities is not comprehensive.

Emplate

Technically we haven’t implemented employee access explicitly, but Emplate employees have access to the underlying systems, which mean they can do everything to the data.

Profile Guests

A profile guest is someone who has authenticated using their profile (Facebook, Email etc.). In addition to everything that Anonymous Guests and Public Key Access, they can: - Create actions (check-ins, first time login etc.) - Redeem prizes for points earned by performing actions - Deactivate their own profile (essentially deleting it through anonymization)

Anonymous Guests

An anonymous guest is somebody who is authenticated using the Secret key. In addition to having public key access, they can: - Post usage data to the backend (postviews, mobile event data etc.) - Read and update their subscriptions and inbox - Ask the API about their own info GET /guests/me

Dashboard Users

Dashboard Users are the shopping mall staff that have administrative access to their organization, beacons and content. In addition to what shop users can do, they can: - Perform CRUD on beacons, posts and more for their organization - Read aggregate and detailed usage analytics for their organization

Shop Users

Shop users work at a Shop inside a shopping mall. In addition to public key access, they can: - Perform CRUD on campaigns for their shops beacons, including (but not limited to): - Campaign content - Periods for campaigns - Upload images for thumbnail and campaign content - Read aggregate usage data for their shop

Public Key Access

Public key access is provided to anyone that sets the X-Public-Key header to an appropriate value. Someone with public key access can: - Read-only access to all data from the organization that the public key belongs to that is marked as publicly available