Reflektive

Authentication & Authorization

Credentials

• Data on Reflektive’s platform can be retrieved by authenticating with a company’s secret API key.

• Authentication to the API is performed via token authentication using HTTP headers.

• API Key can be obtained from the Reflektive support (see the DataGrail Help Docs).

• Publicly exposing your API credentials can allow unauthorized access to the Reflektive API endpoints, and your Reflektive data by a third party. DataGrail stores your API credentials encrypted and protected.

Permissions

No special scopes or permissions required and used to connect API with related credentials.

Endpoints Utilized

DataGrail uses the following endpoint to validate that credentials are good based on a successful response:

• GET https://api.reflektive.com/v2/real-time-feedback

Version

Reflektive integration currently supports version 2 (v2).

Limits

• DataGrail supports requests throttling to stay within 70-80% of specified service rate limits.

• DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Access

For an access request, DataGrail will take the following actions:

• List all public, positive feedback created in the last year.

• Select feedback records where “sender” or “recipients” fields consist of Data Subject email.

• For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.

Endpoints Utilized

• GET https://api.reflektive.com/v2/real-time-feedback

Deletion

DataGrail supports the Direct Contact Deletion workflow for Reflektive.