JSON Rest API
You can find a swagger-style list of routes/endpoints at Documentation for Api Version 3. This includes a complete list of endpoints along with a getting started guide.
The new work in progress for version 4 is located at: Documentation for Api Version 4.
Authentication and access levels
With the changes coming in
v4, we’ve created a graphical overview for you to better understand the different authentication methods and their respective access levels.
To understand the lattice:
- The lattice below should be read top-down.
- The boxes are the different roles that our backend knows about
- For every box, there’s a set of “abilities” that the particular role can do.
- If there is a line from A down to B, it means that A can do everything that B can do
Below is an explanation of the different roles and their access. Please note that the list of abilities is not comprehensive.
Technically we haven’t implemented employee access explicitly, but Emplate employees have access to the underlying systems, which mean they can do everything to the data.
A profile guest is someone who has authenticated using their profile (Facebook, Email etc.). In addition to everything that Anonymous Guests and Public Key Access, they can: - Create actions (check-ins, first time login etc.) - Redeem prizes for points earned by performing actions - Deactivate their own profile (essentially deleting it through anonymization)
An anonymous guest is somebody who is authenticated using the Secret key.
In addition to having public key access, they can:
- Post usage data to the backend (postviews, mobile event data etc.)
- Read and update their subscriptions and inbox
- Ask the API about their own info
Dashboard Users are the shopping mall staff that have administrative access to their organization, beacons and content. In addition to what shop users can do, they can: - Perform CRUD on beacons, posts and more for their organization - Read aggregate and detailed usage analytics for their organization
Shop users work at a Shop inside a shopping mall. In addition to public key access, they can: - Perform CRUD on campaigns for their shops beacons, including (but not limited to): - Campaign content - Periods for campaigns - Upload images for thumbnail and campaign content - Read aggregate usage data for their shop
Public Key Access
Public key access is provided to anyone that sets the
X-Public-Key header to an appropriate value. Someone with public key access can:
- Read-only access to all data from the organization that the public key belongs to that is marked as publicly available