Xoxo Link API

Oauth 2.0 Implementation for Xoxoday Client

Xoxoday implemented standard Oauth 2.0 protocol for its clients to access relevant resources.

Let’s go through the steps of implementing the Oauth Client side.

STEP 1 - Client Registration

To register your company as a client with Xoxoday, please follow one of the following methods

Please get in touch with our Implementation specialist by dropping an email to cs@xoxoday.com with the following details:

  • Company Name

  • Your Full Name

  • Work Email

  • Company Address

  • City, State

  • Zip Code

  • Country

  • Contact Number

  • Base Currency ( This is the currency in which your account will be charged upon redemptions )

Once you share the above details, we will do a quick internal review and approve within 1-2 hours.

Once you are signed up, you will receive an account confirmation email. You can use the link in that email to reset your password and login into your plum admin dashboard and start the integration process.

Step 2: Generating Client ID & Secret Key

A. Use our marketplace URL to log in to your plum admin account.

B: Generate Client ID

In the next step, go to the setting option on the left panel, select "Settings" on the left panel ,and then "Platform preferences" from the dropdown. Select "Rewards API" tab as shown below.

Click on the "Generate Client ID" button.

A pop-up will appear showing the scope of Integration i.e Plum Pro API, click on the Generate button.

You will now be able to find Client ID and Secret ID on the dashboard as shown below.

Step 3: Generating Access & Refresh token

Now you have the client id and secret key, you can generate both the access and refresh token by clicking on the " Generate Token" button.

You can copy both the tokens for further use.

Note: Once you have both the token, you can manage your tokens via these steps

PLEASE NOTE:

OAUTH_URL value for Development - https://stagingaccount.xoxoday.com/chef

Production - https://accounts.xoxoday.com/chef

Step 4:Generating Access Token from Refresh Token

This can be achieved by making a POST request shown below:

curl -X POST {OAUTH_URL}/v1/oauth/token/{token_type} 
--header 'Content-Type: application/json'
  -d '{
  "grant_type":"refresh_token",
  "refresh_token":"064be187f42e9238122ef9d7a985c8800dff3752",
  "client_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "client_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}'

Different variables associated with this POST request are described below:

Variables

Status

Description

token_type*

Required

user

grant_type*

Required

Grant type should be access token

refresh_token*

Required

Add the refresh token here received in Step 3

client_id*

Required

Add the client id received in Step 2

client_secret*

Required

Add the client secret received in Step 2

The response to this request will be of similar format as that of Step 3 shown below:

{
    "access_token": "eysdkhsdbjbdfsNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1NTAxMzYsImV4cGlyZXNBdCI6IjIwMTktMDctMDZUMDc6MDI6MzAuMTM2WiIsInRva2VuX3R5cGUiOiJDT01QQU5ZIn0sImFfdCI6ImY3ZWM1MWMyYmE0ZGNmNzY2ZWE0ZDExMTI3ZjEzZjQzZjAwZmNhsdjhfbsfdjblfs",
    "token_type": "bearer",
    "expires_in": 2592000,
    "refresh_token": "sdff064be187f42e9238122ef9d7a985c8800dff3752"
}

Please note that the refresh_token generated with this response will be a new refresh_token. So going forward, the client must replace the old refresh_token with the new one.

Visual representation to understand Token Management Step 1:

Access Token Validation

At any point, if the user wants to validate if the access_token is valid or not, the user can call the endpoint defined below:

curl -X GET {OAUTH_URL}/v1/oauth/token 
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ'
--header 'Content-Type: application/json'

Here the user will pass the bearer token (user) in the header. The response of the request will be following for success and failure case

{
    "access_token": "eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ",
    "token_type": "bearer",
    "expires_in": 1291911023
}

STEP 5 - Apis and Options

Based on the user access_token obtained in STEP 3 or STEP 4, clients can make requests to Xoxoday based on the scoped allowed requests for generating user access_token.

Here is the sample API request for accessing the campaign list API.

curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.query.campaignList",
  "variables" : { "add_data": { "limit": 10, "offset": 0, "name": "", “enabled” : 1} }

}'

“enabled” key is optional (1: all enabled campaigns, 0: all disabled campaigns) If the “enabled” key is not sent, it will return all the campaigns with status in each.

Here in the above request

Authorization header is the Bearer User access_token obtained by the client from STEP 3/STEP

The response to the above request is:

{
 "data": { 
     "campaignList": {
     "success": 1,
     "data": [
         {
             "campaignId": 1,
             "campaignName": "Campaign 1",
             "denomination_value": 50,
             "countryName": "India",
             "currencyCode": "INR",
             "created_date": "2020-06-03T22:06:23.000Z",
             "product_count": 2,
                           "status" : 1
         },
         {
             "campaignId": 2,
             "campaignName": "Campaign 2",
             "denomination_value": 100,
             "countryName": "India",
             "currencyCode": "INR",
             "created_date": "2020-06-01T11:33:22.000Z",
             "product_count": 10,
                           "status" : 0
         },
         {
             "campaignId": 3,
             "campaignName": "Campaign 3",
             "denomination_value": 500,
             "countryName": "India",
             "currencyCode": "INR",
             "created_date": "2020-06-01T11:26:35.000Z",
             "product_count": 5,
                           "status" : 1
         }
     ]
 }
 }
}

Success<Integer>: 0 (Failure) / 1 (Successful)

data<Array>: campaign list and overview details in the array

Here is the sample API request for accessing Campaign Details API.

curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.mutation.campaignDetails",
  "variables": {  "data": {  
                      "campaignId" : <campaignId>
       } 
   }
}'

The response of above request is:

{
 "data": { 
     "campaignDetails": {
 {
     "success": 1,
     "data": [
         {
             "campaignId": 1,
             "campaignName": "Campaign 1",
             "denomination_value": 50,
             "currency_code": "INR",
             "countryName": "India",
             "vouchers": [
                 {
                     "name": "Cafe Coffee Day",
                     "image": "https://res.cloudinary.com/dyyjph6kx/image/upload/gift_vouchers/phpEM8etY_o4j0il.jpg"
                 },
                 {
                     "name": "Gaana",
                     "image": "https://res.cloudinary.com/dyyjph6kx/image/upload/gift_vouchers/data/vendor_experience/157527386957b2cac6b37385.57735634.jpg"
                 }
             ],
         }
     ]
 }
 }
 }
}

Status<Integer>: 0 (Failure) / 1 (Successful)

Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.

Links<Array>: links in the array as per quantity requested.

Here is the sample API request for accessing generate link API.

curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.mutation.generateLink",
  "variables": { "data": { 
   "campaignId" : <campaignId>,
   "links_quantity" : <quantity>,
   "link_expiry" : "DD-MM-YYYY"
   } 
   }
}'

The response to the above request is:

{ 
  "data": { 
     "generateLink": { "success": Status, 
                       "message": "Message", 
                       "links" : ["{link1}, {link2}, {link2}, ..."] }
  } 
}

Status<Integer>: 0 (Failure) / 1 (Successful)

Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.

Links<Array>: links in the array as per quantity requested

Here is the sample API request for accessing the generate link API.

// Some codecurl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
  -d '{
  "tag":"xoxo_link",
  "query":"xoxo_link.mutation.generateLinkEmail",
  "variables": { "data": { 
   "campaignId" : <campaignId>,
   "email_ids" : <comma separated email_ids>,
"link_expiry" : <DD-MM-YYYY>
   } 
   }
}

Status<Integer>: 0 (Failure) / 1 (Successful)

Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.

Last updated