Oauth 2.0 Implementation for Xoxoday Client
Xoxoday implemented standard Oauth 2.0 protocol for its clients to access relevant resources.
Let’s go through the steps of implementing the Oauth Client side.
STEP 1 - Client Registration
To register your company as a client with Xoxoday, please follow one of the following methods
Please get in touch with our Implementation specialist by dropping an email to cs@xoxoday.com with the following details:
Base Currency ( This is the currency in which your account will be charged upon redemptions )
Once you share the above details, we will do a quick internal review and approve within 1-2 hours.
Once you are signed up, you will receive an account confirmation email. You can use the link in that email to reset your password and login into your plum admin dashboard and start the integration process.
Step 2: Generating Client ID & Secret Key
A. Use our
marketplace URL to log in to your plum admin account.
B: Generate Client ID
In the next step, go to the setting option on the left panel, select "Settings" on the left panel ,and then "Platform preferences" from the dropdown. Select "Rewards API" tab as shown below.
Click on the "Generate Client ID" button.
A pop-up will appear showing the scope of Integration i.e Plum Pro API, click on the Generate button.
You will now be able to find Client ID and Secret ID on the dashboard as shown below.
Step 3: Generating Access & Refresh token
Now you have the client id and secret key, you can generate both the access and refresh token by clicking on the " Generate Token " button.
You can copy both the tokens for further use.
Note: Once you have both the token, you can manage your tokens via these steps
PLEASE NOTE:
OAUTH_URL value for
Development - https://stagingaccount.xoxoday.com/chef
Production - https://accounts.xoxoday.com/chef
Step 4:Generating Access Token from Refresh Token
This can be achieved by making a POST request shown below:
Copy curl -X POST {OAUTH_URL}/v1/oauth/token/{token_type}
--header 'Content-Type: application/json'
-d '{
"grant_type":"refresh_token",
"refresh_token":"064be187f42e9238122ef9d7a985c8800dff3752",
"client_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxx",
"client_secret":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}'
Different variables associated with this POST request are described below:
The response to this request will be of similar format as that of Step 3 shown below:
Copy {
"access_token": "eysdkhsdbjbdfsNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1NTAxMzYsImV4cGlyZXNBdCI6IjIwMTktMDctMDZUMDc6MDI6MzAuMTM2WiIsInRva2VuX3R5cGUiOiJDT01QQU5ZIn0sImFfdCI6ImY3ZWM1MWMyYmE0ZGNmNzY2ZWE0ZDExMTI3ZjEzZjQzZjAwZmNhsdjhfbsfdjblfs",
"token_type": "bearer",
"expires_in": 2592000,
"refresh_token": "sdff064be187f42e9238122ef9d7a985c8800dff3752"
}
Please note that the refresh_token generated with this response will be a new refresh_token. So going forward, the client must replace the old refresh_token with the new one.
Visual representation to understand Token Management Step 1:
Access Token Validation
At any point, if the user wants to validate if the access_token is valid or not, the user can call the endpoint defined below:
Copy curl -X GET {OAUTH_URL}/v1/oauth/token
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ'
--header 'Content-Type: application/json'
Here the user will pass the bearer token (user) in the header.
The response of the request will be following for success and failure case
Sucess
Copy {
"access_token": "eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJ",
"token_type": "bearer",
"expires_in": 1291911023
}
STEP 5 - Apis and Options
Xoxo link campaigns list
Based on the user access_token obtained in STEP 3 or STEP 4, clients can make requests to Xoxoday based on the scoped allowed requests for generating user access_token.
Here is the sample API request for accessing the campaign list API.
Copy curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
-d '{
"tag":"xoxo_link",
"query":"xoxo_link.query.campaignList",
"variables" : { "add_data": { "limit": 10, "offset": 0, "name": "", “enabled” : 1} }
}'
“enabled” key is optional (1: all enabled campaigns, 0: all disabled campaigns)
If the “enabled” key is not sent, it will return all the campaigns with status in each.
Here in the above request
Authorization header is the Bearer User access_token obtained by the client from STEP 3/STEP
The response to the above request is:
Copy {
"data": {
"campaignList": {
"success": 1,
"data": [
{
"campaignId": 1,
"campaignName": "Campaign 1",
"denomination_value": 50,
"countryName": "India",
"currencyCode": "INR",
"created_date": "2020-06-03T22:06:23.000Z",
"product_count": 2,
"status" : 1
},
{
"campaignId": 2,
"campaignName": "Campaign 2",
"denomination_value": 100,
"countryName": "India",
"currencyCode": "INR",
"created_date": "2020-06-01T11:33:22.000Z",
"product_count": 10,
"status" : 0
},
{
"campaignId": 3,
"campaignName": "Campaign 3",
"denomination_value": 500,
"countryName": "India",
"currencyCode": "INR",
"created_date": "2020-06-01T11:26:35.000Z",
"product_count": 5,
"status" : 1
}
]
}
}
}
Success<Integer>: 0 (Failure) / 1 (Successful)
data<Array>: campaign list and overview details in the array
Xoxo link Campaign Details API Access
Here is the sample API request for accessing Campaign Details API.
Copy curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
-d '{
"tag":"xoxo_link",
"query":"xoxo_link.mutation.campaignDetails",
"variables": { "data": {
"campaignId" : <campaignId>
}
}
}'
The response of above request is:
Copy {
"data": {
"campaignDetails": {
{
"success": 1,
"data": [
{
"campaignId": 1,
"campaignName": "Campaign 1",
"denomination_value": 50,
"currency_code": "INR",
"countryName": "India",
"vouchers": [
{
"name": "Cafe Coffee Day",
"image": "https://res.cloudinary.com/dyyjph6kx/image/upload/gift_vouchers/phpEM8etY_o4j0il.jpg"
},
{
"name": "Gaana",
"image": "https://res.cloudinary.com/dyyjph6kx/image/upload/gift_vouchers/data/vendor_experience/157527386957b2cac6b37385.57735634.jpg"
}
],
}
]
}
}
}
}
Status<Integer>: 0 (Failure) / 1 (Successful)
Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.
Links<Array>: links in the array as per quantity requested.
Generate xoxo link API Access
Here is the sample API request for accessing generate link API.
Copy curl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
-d '{
"tag":"xoxo_link",
"query":"xoxo_link.mutation.generateLink",
"variables": { "data": {
"campaignId" : <campaignId>,
"links_quantity" : <quantity>,
"link_expiry" : "DD-MM-YYYY"
}
}
}'
The response to the above request is:
Copy {
"data": {
"generateLink": { "success": Status,
"message": "Message",
"links" : ["{link1}, {link2}, {link2}, ..."] }
}
}
Status<Integer>: 0 (Failure) / 1 (Successful)
Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.
Links<Array>: links in the array as per quantity requested
Generate xoxo link API Access with email_id
Here is the sample API request for accessing the generate link API.
Request Response
Copy // Some codecurl -X POST {OAUTH_URL}/v1/oauth/api
-H 'Authorization: Bearer eyJ0b2tlbkNvbnRlbnQiOnsiaXNzdWVkRm9yIjoiRnJlc2h3b3JrcyIsInNjb3BlIjoiIiwiaXNzdWVkQXQiOjE1NTk4MDQ1Nzg1ODIsImV4cGlyZXNBdCI6IjIwMTktMDYtMjFUMDc6MDI6NTguNTgyWiIsInRva2VuX3R5cGUiOiJVU0VSIn0sImFfdCI6ImV5SmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJaXdpWVd4bklqb2lSVU5FU0MxRlV5SXNJbXRwWkNJNkltVnVZeUlzSW1Wd2F5STZleUpyZEhraU9pSkZReUlzSW1OeWRpSTZJbEF0TWpVMklpd2llQ0k2SWpoMmJVTkVRMUZQZW1wQlNHWndabXQ0TVhjNVluZHphM1JhZWtRek0ySXRZamx0VVhSclEyRnhNV3NpTENKNUlqb2lZMGR0V2kxdWIySjBWbUptTVdGdVNraDBUMmxoWW5VMFZHUlVhRzVVYmpCYWRuWnJabGMwYzBWb2N5SjlmUS4uU1h3TlNUSWhFUXNlN0htaXpPUmFIQS5NRzBVUy1lek1IOEFsbWFLc2ZTY3Nwa2FlYzBIcW9FcUV1YXRoNHRSTTRpeVg2dFByX1ZjTnlsdnk5YjlGLTZHR01DbjY1TjYwYnpIUUJtRVZvZGRYVWlvQS1kTkpuaE9KdThHczRfeW9pM042VGFOdWhjRENCUGtwWk1CeTlDRjJBaEh4UGotQkd0SzdEamhNbjBBQXpTM1VhTE11eUdrTmNwSGxQSUxNcFlVM'
-d '{
"tag":"xoxo_link",
"query":"xoxo_link.mutation.generateLinkEmail",
"variables": { "data": {
"campaignId" : <campaignId>,
"email_ids" : <comma separated email_ids>,
"link_expiry" : <DD-MM-YYYY>
}
}
}
Status<Integer>: 0 (Failure) / 1 (Successful)
Message<String!Object>: User-friendly Error message in case of Failure / Success message in case of success.
Copy "data": {
"generateLinkEmail": {
"success": Status,
"message": "Message"
}
}