Yotpo

Authentication & Authorization

Credentials

• Yotpo uses tokens to authenticate and authorize an account.

• Tokens are generated by an API call that uses the App Key and Secret Key (see the help docs).

• Publicly exposing your API credentials can allow unauthorized access to the Yotpo API endpoints, and your Yotpo data by a third party. DataGrail stores your API credentials encrypted and protected.

Permissions

No special permissions required and used to connect API with related credentials.

Scopes

No special scopes required and used to connect API with related credentials.

Endpoints Utilized

This endpoint uses your Yotpo API App Key and Secret Key to generate the API token necessary to authenticate Yotpo API calls:

• POST https://api.yotpo.com/oauth/token

Version

Yotpo integration currently supports version 1.0.

Limits

DataGrail uses throttling rules to avoid rates faster than 50 requests per minute and 10000 requests per day.

Access

For an access request, DataGrail will take the following actions:

• Check if data exists for the user associated with the Data Subject email.

• If a user match is found:

  • Collect reviews by the Data Subject email.

  • Collect purchases by the Data Subject email.

• For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.

Endpoints Utilized

• GET https://api.yotpo.com/privacy/data/exists

• GET https://api.yotpo.com/v1/apps/\{app\_key\}/reviews

• GET https://api.yotpo.com/apps/\{app\_key\}/purchases

Deletion

DataGrail supports the Direct Contact Deletion workflow for Yotpo.