Introduction
API Documentation for Guestbook White Label
Version: 1.0
NOTES:
- Getting an Authentication token is complete.
- Getting an account token and an account's pending & available rewards is still in development.
TODO:
- Get account token.
- Get an account's pending & available rewards.
Authentication
Server-to-server JWT for Authorization
[1] CURL request example to get an authorization TOKEN:
curl -X POST \
--url https://guestrewards.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"CLIENT_ID","client_secret":"CLIENT_SECRET","audience":"https://guestrewards.auth0.com/api/v2/","grant_type":"client_credentials"}'
[2] Example JSON response from a request to get an authorization TOKEN:
{
"access_token": "AUTH_TOKEN",
"token_type": "Bearer"
}
[3] Example CURL request passing the TOKEN to authorize an API request:
curl -X GET \
--url https://api.guestrewards.com/v1/account/balance/ \
--header 'authorization: Bearer AUTH_TOKEN'
(https://jwt.io/introduction/)
- The application or client requests authorization from the authorization server. NOTE: You must request/use the CLIENT_ID and CLIENT_SECRET supplied by The Guestbook.[1]
- When the authorization is granted, the authorization server returns an access token to the application.[2]
- The application uses the access token to access a protected resource (like an API).[3]
Get Account Token
Exchange the account token received from Cendyn's API to get one for making API calls to The Guestbook.
[4] CURL request example to get a Guestbook account token:
curl -X GET \
--url https://api.guestrewards.com/v1/account/token/ \
--header 'content-type: application/json' \
--header 'authorization: Bearer AUTH_TOKEN' \
--data '{"cendyn_account_token":"CENDYN_TOKEN"}'
[5] Example JSON response from a request to get a Guestbook account token:
{
"token": "GUESTBOOK_TOKEN"
}
When calling Cendyn's API (Version 4) to get a member's account information, set return_logintoken to true.
This token, referred to as CENDYN_TOKEN in this document, is used when calling Guestbook's get token API[4] to receive an account token[5]. The account token is used for making API calls to The Guestbook that return information about a specific user's account, such as the pending and available balance.
HTTP Request
GET https://api.guestrewards.com/v1/account/token
Headers
Content-Type: application/json
Authorization: Bearer AUTH_TOKEN (AUTH_TOKEN received from Authentication)
Query Parameters
| Parameter | type | Description |
|---|---|---|
| cendyn_account_token | Text | https://crmapiqa.cendyn.com/swagger/ui/index#!/Account/Account_Login |
Response
| Parameter | type | Description |
|---|---|---|
| token | Text | GUESTBOOK_TOKEN |
Account Information
Get Pending & Available Balance
[6] CURL request example to get an account's pending & available balance:
curl -X GET \
--url https://api.guestrewards.com/v1/account/balance/ \
--header 'content-type: application/json' \
--header 'authorization: Bearer AUTH_TOKEN' \
--data '{"token":"GUESTBOOK_TOKEN"}'
[7] Example JSON response from a request to get an account's pending & available balance:
{
"pending": 40.32,
"available": 123.67,
"currency_abbreviation": "USD",
"currency_symbol": "$"
}
Retrieve Pending and Available balance for an SH Group Loyalty Member.
HTTP Request
GET https://api.guestrewards.com/v1/account/balance
Headers
Content-Type: application/json
Authorization: Bearer AUTH_TOKEN (AUTH_TOKEN received from Authentication)
Query Parameters
| Parameter | type | Description |
|---|---|---|
| token | Text | GUESTBOOK_TOKEN received from Get Account Token |
Response
| Parameter | type | Description |
|---|---|---|
| pending | numeric(9,2) | Pending rewards balance. This is the amount that's pending approval. |
| available | numeric(9,2) | Available rewards balance. This is the amount the user has available for redemption. |
| currency_abbreviation | String | ISO 4217 three-letter currency abbreviation. |
| currency_symbol | String | Symbol representation of the account's currency. |
Errors
The Guestbook API uses the following error codes:
| Error Code | Meaning |
|---|---|
| 400 | Bad Request -- Your request is invalid. |
| 401 | Unauthorized -- Your JWT Authorization token is invalid/expired. |
| 403 | Forbidden -- The resource requested is outside your application's scope. |
| 404 | Not Found -- The specified account could not be found. |
| 500 | Internal Server Error -- We had a problem with our server. Our development team has been notified, but reach out if the problem persists. |
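The three calls above chained into one client, with the 401 row of the error table handled by a single token refresh and every other error code surfaced without a retry. This is an added example, not code from The Guestbook; the class name `GuestbookClient`, the injectable `send` transport and the assumption that success is HTTP 200 are not part of the documented API.

```python
import json
import urllib.error
import urllib.request

AUTH_URL = "https://guestrewards.auth0.com/oauth/token"
AUDIENCE = "https://guestrewards.auth0.com/api/v2/"
API_BASE = "https://api.guestrewards.com/v1"

def http_send(method, url, headers, body):
    """Default transport: send a JSON body, return (status, parsed JSON)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}  # error body is dropped so it never reaches logs

class GuestbookClient:  # hypothetical name, not part of The Guestbook's API
    def __init__(self, client_id, client_secret, send=http_send):
        self._id, self._secret, self._send = client_id, client_secret, send
        self._auth_token = None  # AUTH_TOKEN is kept in memory only

    def _authorize(self):
        # Step [1]: the client secret is sent to the authorization server only.
        status, data = self._send("POST", AUTH_URL, {"content-type": "application/json"}, {
            "client_id": self._id, "client_secret": self._secret,
            "audience": AUDIENCE, "grant_type": "client_credentials"})
        if data.get("token_type") != "Bearer" or "access_token" not in data:
            raise PermissionError(f"token request failed (HTTP {status})")
        self._auth_token = data["access_token"]

    def _call(self, path, body):
        for attempt in (1, 2):
            if self._auth_token is None:
                self._authorize()
            headers = {"content-type": "application/json",
                       "authorization": f"Bearer {self._auth_token}"}
            status, data = self._send("GET", API_BASE + path, headers, body)
            if status == 401 and attempt == 1:
                self._auth_token = None  # invalid/expired: refresh once, then retry
                continue
            if status != 200:  # 400, 403, 404, 500 and a repeated 401 are not retried
                raise RuntimeError(f"{path} failed (HTTP {status})")
            return data

    def balance_for(self, cendyn_token):
        # Steps [4] and [6]: exchange CENDYN_TOKEN, then read the balance.
        token = self._call("/account/token/", {"cendyn_account_token": cendyn_token})["token"]
        return self._call("/account/balance/", {"token": token})
```

Passing a stub as `send` lets the flow be exercised without real credentials or network access.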