Xoxoday
  • 📓User Resources
    • 👨‍💼For Admins
      • 📌Getting Started
        • ⚙️Settings
          • Manage Super Admin/Admins
            • Hierarchy vs Non-Hierarchy
            • Threshold
            • Delete an Admin
            • Redemption APIs
              • Generic Redemption APIs
              • Oauth 2.0 Implementation for Stores Redemption
          • Platform Preferences
          • Account Verification
        • Types of Companies
      • 🚀Plum Launch Communication Kit
        • 🌉Pre-Launch Templates
        • 🤝Introduction to Plum Templates
        • 📺How to Sign up on Plum’s reward storefront Template
        • 📑How to Bookmark Plum’s reward storefront for easy access Template
        • 🎉How to Redeem the Rewards on Plum’s Reward Storefront?
      • Xoxo Points
        • 📌Getting Started
        • 🚚Distribution of Xoxo-points
        • 📩Email/SMS Customization
        • FAQs
      • Xoxo Codes
        • 📌Getting Started
        • 🚚Distribution of Xoxo-codes
        • 📩Email, SMS, and Xoxo Code Campaign Customization
        • FAQs
      • Points vs Codes
      • Xoxo Links
        • 📌Getting Started
        • 🚚Distribution of Xoxo-links
        • FAQs
      • Domain Authentication Guide
        • Troubleshooting Domain Authentication
      • 💰Add Funds
        • Base Currency
      • Campaigns
        • Getting Started
        • Editing a campaign?
        • Delete/disabling a Xoxo Campaign?
      • 🏬Reports
      • 💳Prepaid Card User Guide
        • Virtual Paypal International
          • 📌Getting Started
          • 📭How to Redeem?
        • Virtual Visa Card
          • 📌Getting Started
          • 💳How to Redeem?
      • 🔐Security and Compliance
        • Cryptography & Encryption
        • Email Whitelisting
        • Governance, Risk, & Data Compliance
        • Application,Dev & Security
        • Cloud Security
        • HR Compliance
        • Identity & Access Management
        • Solution Development
        • Security Operations
        • Training and Awareness
        • Vulnerability and Threat Management
        • Security Operations & Technical Capabilities and Support
        • Data Management
        • Policies & Procedures
        • Tax Compliance
        • Privacy Compliance
        • Cloud Security Alliance
        • Others
        • Documents
          • Data Security
          • Information Security
          • Admin/Business
          • Others
          • Finance Compliance
    • 🧑‍🤝‍🧑For End-Users
      • 📌Getting Started
      • 🧑‍💻Signing up/Logging in
      • 🪙How to redeem?
      • 💳Gift Vouchers
      • 🎁Gift Box Queries
      • 🚚Delivery Related Issues
      • 🛑Cancelation/Refunds
    • 🔗Pre-Built Integrations
      • Qualtrics Integration Guide
        • Using Qualtrics Workflow Extension to Send Rewards
        • Public Survey Rewarding
        • Anonymous Survey Rewarding
      • HubSpot + Plum
        • 1-1 Reward Widget in HubSpot
        • Workflow Based Reward Automation
        • 1-Many Link for Xoxolink’s Reward Automation
        • Email based Reward Automation
      • Darwinbox + Plum
      • SurveyMonkey + Plum
        • Public Survey Automation
        • Anonymous Survey Automation
      • Zapier + Plum
      • ActiveCampaign + Plum
        • Creating Automation
      • Salesforce + Plum
        • Getting Started with Xoxoday Plum
        • Getting Started and Setting up Salesforce Integration
        • Sending 1-1 Reward
        • Steps to create a Flow and add a Trigger
        • Redemption Journey for your Recipients
      • Typeform + Plum by Xoxoday
      • Zoho People + Plum
      • SAP Successfactors + Plum
        • SAP Client Registration with Xoxoday for Stores Redemption
      • Decipher - Forsta Integration
      • Zoho CRM
        • Send 1-1 rewards
        • Automation : Workflow Rules
      • Connect Plum to thousands of apps using Zapier
      • Other Integrations
    • 🛣️Product Roadmap
      • 2022
      • 2021
  • 👨‍💻Developer Resources
    • Rewards API
      • Getting started
      • API Endpoints
        • Authentication
          • Client ID, Secret ID, and Token Creation
          • Token Management
        • Catalog
          • GetVouchers API
          • GetFilters API
        • Orders
          • PlaceOrder API
          • GetOrderDetails API
          • GetOrderHistory API
        • Account Balance
          • GetBalance API
        • Postman Collection URL
      • Concepts
        • Staging Environment
        • Catalog
        • Error Handling
          • Standard HTTP status code summary
          • Errors related to API
        • Exchange Rates
      • Guides
        • Funding the Account
        • Reporting and Analytics
      • Webhooks
        • Test Webhooks
        • How to implement webhooks?
        • How to secure your webhooks?
      • Forex
      • Best Practices
      • Frequently Asked Questions
    • StoreFront Integration
      • Getting started
      • API Endpoints
        • Authorization
        • Token Creation & Token Management
        • SSO Redirection
        • End Points
      • Concepts
        • Points
      • Guides
        • Funding Account
        • Reports and Analytics
    • Xoxo Link API
    • Roadmap for 2021
  • 📅Release Notes
    • Release April 2023
    • Release March 2023
    • Release February 2023
    • Release December 2022
    • Release October 2022
    • Release September 2022
    • Release July 2022
    • Release May 2022
    • Release March 2022
    • Release February 2022
    • Release December 2021
    • Release November 2021
    • Release October 2021
    • Release September 2021
    • Release July 2021
    • Release May 2021
    • Release March 2021
    • Release December 2020
    • Release October 2020
    • Release September 2020
    • Release August 2020
    • Release June 2020
    • Release May 2020
    • Release April 2020
    • Release March 2020
Powered by GitBook
On this page
  • Oauth 2.0 Implementation for Xoxoday Client
  • STEP 1 - Client Registration
  • Step 2: Generating Client ID & Secret Key
  • A. Use our marketplace URL to log in to your plum admin account.
  • B: Generate Client ID
  • Step 3: Generating Access & Refresh token
  • Step 4:Generating Access Token from Refresh Token
  • Visual representation to understand Token Management Step 1:
  • Access Token Validation
  • STEP 5 - Apis and Options
  • Xoxo link campaigns list
  • Xoxo link Campaign Details API Access
  • Generate xoxo link API Access
  • Generate xoxo link API Access with email_id

Was this helpful?

  1. Developer Resources

Xoxo Link API

PreviousReports and AnalyticsNextRoadmap for 2021

Last updated 2 years ago

Was this helpful?

Oauth 2.0 Implementation for Xoxoday Client

Xoxoday implemented standard Oauth 2.0 protocol for its clients to access relevant resources.

Let’s go through the steps of implementing the Oauth Client side.

STEP 1 - Client Registration

To register your company as a client with Xoxoday, please follow one of the following methods

Please get in touch with our Implementation specialist by dropping an email to with the following details:

  • Company Name

  • Your Full Name

  • Work Email

  • Company Address

  • City, State

  • Zip Code

  • Country

  • Contact Number

  • Base Currency ( This is the currency in which your account will be charged upon redemptions )

Once you share the above details, we will do a quick internal review and approve within 1-2 hours.

Once you are signed up, you will receive an account confirmation email. You can use the link in that email to reset your password and login into your plum admin dashboard and start the integration process.

Step 2: Generating Client ID & Secret Key

B: Generate Client ID

In the next step, go to the setting option on the left panel, select "Settings" on the left panel ,and then "Platform preferences" from the dropdown. Select "Rewards API" tab as shown below.

Click on the "Generate Client ID" button.

A pop-up will appear showing the scope of Integration i.e Plum Pro API, click on the Generate button.

You will now be able to find Client ID and Secret ID on the dashboard as shown below.

Step 3: Generating Access & Refresh token

Now you have the client id and secret key, you can generate both the access and refresh token by clicking on the " Generate Token" button.

You can copy both the tokens for further use.

PLEASE NOTE:

Step 4:Generating Access Token from Refresh Token

This can be achieved by making a POST request shown below:

curl -X POST {OAUTH_URL}/v1/oauth/token/{token_type} 
--header 'Content-Type: application/json'
  -d '{
  "grant_type":"refresh_token",
  "refresh_token":"064be187f42e9238122ef9d7a985c8800dff3752",
  "client_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "client_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}'

Different variables associated with this POST request are described below:

Variables

Status

Description

token_type*

Required

user

grant_type*

Required

Grant type should be access token

refresh_token*

Required

Add the refresh token here received in Step 3

client_id*

Required

Add the client id received in Step 2

client_secret*

Required

Add the client secret received in Step 2

The response to this request will be of similar format as that of Step 3 shown below:

{
    "access_token": "eysdkhsdbjbdfsNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1NTAxMzYsImV4cGlyZXNBdCI6IjIwMTktMDctMDZUMDc6MDI6MzAuMTM2WiIsInRva2VuX3R5cGUiOiJDT01QQU5ZIn0sImFfdCI6ImY3ZWM1MWMyYmE0ZGNmNzY2ZWE0ZDExMTI3ZjEzZjQzZjAwZmNhsdjhfbsfdjblfs",
    "token_type": "bearer",
    "expires_in": 2592000,
    "refresh_token": "sdff064be187f42e9238122ef9d7a985c8800dff3752"
}

Please note that the refresh_token generated with this response will be a new refresh_token. So going forward, the client must replace the old refresh_token with the new one.

Visual representation to understand Token Management Step 1:

Access Token Validation

At any point, if the user wants to validate if the access_token is valid or not, the user can call the endpoint defined below:

curl -X GET {OAUTH_URL}/v1/oauth/token 
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ'
--header 'Content-Type: application/json'

Here the user will pass the bearer token (user) in the header. The response of the request will be following for success and failure case

{
    "access_token": "eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ",
    "token_type": "bearer",
    "expires_in": 1291911023
}

STEP 5 - Apis and Options

Xoxo link campaigns list

Based on the user access_token obtained in STEP 3 or STEP 4, clients can make requests to Xoxoday based on the scoped allowed requests for generating user access_token.

Here is the sample API request for accessing the campaign list API.

curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.query.campaignList",
  "variables" : { "add_data": { "limit": 10, "offset": 0, "name": "", “enabled” : 1} }

}'

“enabled” key is optional (1: all enabled campaigns, 0: all disabled campaigns) If the “enabled” key is not sent, it will return all the campaigns with status in each.

Here in the above request

Authorization header is the Bearer User access_token obtained by the client from STEP 3/STEP

The response to the above request is:

{
 "data": { 
     "campaignList": {
     "success": 1,
     "data": [
         {
             "campaignId": 1,
             "campaignName": "Campaign 1",
             "denomination_value": 50,
             "countryName": "India",
             "currencyCode": "INR",
             "created_date": "2020-06-03T22:06:23.000Z",
             "product_count": 2,
                           "status" : 1
         },
         {
             "campaignId": 2,
             "campaignName": "Campaign 2",
             "denomination_value": 100,
             "countryName": "India",
             "currencyCode": "INR",
             "created_date": "2020-06-01T11:33:22.000Z",
             "product_count": 10,
                           "status" : 0
         },
         {
             "campaignId": 3,
             "campaignName": "Campaign 3",
             "denomination_value": 500,
             "countryName": "India",
             "currencyCode": "INR",
             "created_date": "2020-06-01T11:26:35.000Z",
             "product_count": 5,
                           "status" : 1
         }
     ]
 }
 }
}

Success<Integer>: 0 (Failure) / 1 (Successful)

data<Array>: campaign list and overview details in the array

Xoxo link Campaign Details API Access

Here is the sample API request for accessing Campaign Details API.

curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.mutation.campaignDetails",
  "variables": {  "data": {  
                      "campaignId" : <campaignId>
       } 
   }
}'

The response of above request is:

{
 "data": { 
     "campaignDetails": {
 {
     "success": 1,
     "data": [
         {
             "campaignId": 1,
             "campaignName": "Campaign 1",
             "denomination_value": 50,
             "currency_code": "INR",
             "countryName": "India",
             "vouchers": [
                 {
                     "name": "Cafe Coffee Day",
                     "image": "https://res.cloudinary.com/dyyjph6kx/image/upload/gift_vouchers/phpEM8etY_o4j0il.jpg"
                 },
                 {
                     "name": "Gaana",
                     "image": "https://res.cloudinary.com/dyyjph6kx/image/upload/gift_vouchers/data/vendor_experience/157527386957b2cac6b37385.57735634.jpg"
                 }
             ],
         }
     ]
 }
 }
 }
}

Status<Integer>: 0 (Failure) / 1 (Successful)

Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.

Links<Array>: links in the array as per quantity requested.

Generate xoxo link API Access

Here is the sample API request for accessing generate link API.

curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.mutation.generateLink",
  "variables": { "data": { 
   "campaignId" : <campaignId>,
   "links_quantity" : <quantity>,
   "link_expiry" : "DD-MM-YYYY"
   } 
   }
}'

The response to the above request is:

{ 
  "data": { 
     "generateLink": { "success": Status, 
                       "message": "Message", 
                       "links" : ["{link1}, {link2}, {link2}, ..."] }
  } 
}

Status<Integer>: 0 (Failure) / 1 (Successful)

Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.

Links<Array>: links in the array as per quantity requested

Generate xoxo link API Access with email_id

Here is the sample API request for accessing the generate link API.

// Some codecurl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.mutation.generateLinkEmail",
  "variables": { "data": { 
   "campaignId" : <campaignId>,
   "email_ids" : <comma separated email_ids>,
"link_expiry" : <DD-MM-YYYY>
   } 
   }
}

Status<Integer>: 0 (Failure) / 1 (Successful)

Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.

"data": { 

     "generateLinkEmail": { 

        "success": Status, 

        "message": "Message"

    }
  } 

A. Use our URL to log in to your plum admin account.

Note: Once you have both the token, you can manage your tokens via these

OAUTH_URL value for Development -

Production -

👨‍💻
cs@xoxoday.com
marketplace
steps
https://stagingaccount.xoxoday.com/chef
https://accounts.xoxoday.com/chef