Oracle Crowdtwist
Authentication & Authorization
Credentials
- Oracle Crowdtwist uses API key that is passed as Basic authorization header to allow access to the API.
- Oracle Crowdtwist expects the API key to be included in all API requests to the server as a query string parameter. The only exception - Purchase History endpoint that expects API key in X-CT-Authorization header.
- API Key can be obtained from the Oracle Crowdtwist support (see Oracle Crowdtwist Connection Instructions ).
- Publicly exposing your API credentials can allow unauthorized access to the Oracle Crowdtwist API endpoints, and your Oracle Crowdtwist data by a third party. DataGrail stores your API credentials encrypted and protected.
Base URL
The base url for the API requests depends on the API endpoint. DataGrail uses Main API Endpoint and POS API Endpoint domains, examples (for sandbox):
-
Main: sb-api306.crowdtwist.com
-
POS: sb-pos306.crowdtwist.com
Example of the base URL for the main endpoint : https ://sb-api306.crowdtwist.com/v2,
POS base URL: https ://sb-pos306.crowdtwist.com
where v2 - API version.
Endpoints Utilized
DataGrail uses the following endpoint to validate that credentials are good based on a successful response:
-
GET {MAIN_BASE_URL}/users/{user_id}
-
GET {POS_BASE_URL}/users/{user_id}/purchases
Limits
- DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).
Access
For an access request, DataGrail will take the following actions:
-
Search for User Profile and Members whose email or ID matches the Data Subject email or User ID. For all collected User and/or Members:
-
Fetch User Activities by the User or Member ID
-
Fetch User Rewards by the User or Member ID
-
Fetch User Purchase History by the User or Member ID
-
Fetch User Receipt History by the User or Member ID
-
Fetch User Redemption History by the User or Member ID
-
For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.
Endpoints Utilized
-
GET {MAIN_BASE_URL}/users/{user_id}
-
POST {MAIN_BASE_URL}/members
-
GET {MAIN_BASE_URL}/users/{user_id}/activities
-
GET {MAIN_BASE_URL}/users/{user_id}/rewards
-
GET {MAIN_BASE_URL}/users/{user_id}/activities
-
GET {POS_BASE_URL}/users/{user_id}/purchases
-
GET {MAIN_BASE_URL}/users/{user_id}/receipts
-
GET https ://{MAIN_API_SUBDOMAIN}.crowdtwist.com/v2.2/users/{user_id}/redemption_history
DataGrail also supports the Direct Contact Access workflow for Oracle Crowdtwist.
Deletion
For a deletion request, DataGrail will take the following actions:
-
Request User deletion. This request will be processed asynchronously, deletion may not be performed immediately.
-
If User for the deletion is present, their user_id will be returned in the response and will be used in API call to check User deletion status and confirm when it's done.
Endpoints Utilized
-
DELETE {MAIN_BASE_URL}/users/{user_id}
-
GET {MAIN_BASE_URL}/users/delete/{user_id}
DataGrail also supports the Direct Contact Deletion workflow for Oracle Crowdtwist.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.