PunchTab

PunchTab is dedicated to provide all the tools to build loyalty around your website, application or product. We are providing out-of-the-box solutions which does 80% of the work for you. But some of you want to have ways to integrate more tightly with your product. In order to accomplish this, we provide programmatic ways to use our platform.

• Authentication
• Output Format
• HTTP Method
• Standard response Code
• End Points
• Leaderboard

REST API Documentation

Not everyone has the skills to build their own integration with PunchTab's API. The JS SDK is probably the simplest version of the tools we provide to extend our services. The REST API is for more advanced developers. We will let you judge what is the best way for you to integrate with your service.

Each developer is identified with a client_id, which youc an find on your developer page if you activated your account. To use the REST API, an access token(access_token) must be retrieved first using one of the user authentication methods given below.

Authentication:

In order to build loyalty into your application, you will need to identify and authenticate your loyal user. Currently users can be authenticated in our system using Single Sign-On(currently in BETA).

• Using Single Sign-On(SSO) API(BETA):

  SSO allows your users who are already authenticated on your site, to seemlessly log in to our system automatically without having them to create an account with us and log in again. Please note currently you would need to contact us to enable your account for SSO. Given below are API's to support SSO:

  Logging in user:

  User account will be created if it doesn't exist.

  https://api.punchtab.com/v1/auth/sso

  Parameters: (Only POST parameters are supported with HTTP Referer header set to your account domain URL[ex. http://mydomain.com])

  • client_id – Client Id from your developer page
  • key – Access Key from your developer page
  • auth_request - Must include the following and generated as

    base64_encode(json_encode([‘id’ => user[‘id’], ‘first_name’=>user[‘first_name'], ‘last_name’=>user[‘last_name'], 'email'=>user['email']), 'avatar_link'=>user['avatar_link']));
    
      id – Unique user id associated with the user account
      first_name – user first name
      last_name –user last name
      email(optional) – user email 
      avatar_link(optional) - http(s) link to user avatar image (Only JPEG/GIF/PNG image format of 50x50 and less than 1MB is supported) 
      country_code(optional) - user country provided as ISO 3166-1 alpha-2 based two-letter country code. Any invalid values would be ignored. 
    
      All the above field values must be passed as string 

  • timestamp – Unix timestamp(number of seconds elapsed since midnight Coordinated Universal Time (UTC) of Thursday, January 1, 1970) of when the request was generated. Make sure this timestamp value is used for signature calculation given below.
  • signature – It is generated using HMAC_SHA1 algorithm(converted to hex string) using values from above auth_request and timestamp parameters

  HMAC_SHA1(secret_key, auth_request + ‘ ‘ + timestamp)
  
    secret_key – Secret key from your developer page

  Response: (JSON formatted except for standard HTTP response)

  • status – ‘connected’ for successful login. Other values are ‘disconnected’, ‘not_authenticated’ and ‘not_authorized’
  • authResponse.accessToken – Auth token for this user to be used for subsequent API calls returned only if status is ‘connected’
  • authResponse.expiresIn – Number of seconds until token expires

    Example:
    {
      status: ‘connected’,
      authResponse: {
        accessToken: ‘…..’
      }
    }

  • error.description – Description of exception if status is not ‘connected’

    Example:
    {
      status: ‘disconnected’,
      error: {
        description: ‘signature mismatch’
      }
    }

  Examples: Given below are examples in different languages on how to generate parameters for SSO API. You can use any libraries such as curl to make the REST API call by passing these parameters. Remember to set HTTP header 'referer' to your registered domain name when you make the API call.

  • PHP

    <?php
      define ('PUNCHTAB_CLIENT_ID', 'your_client_id'); //client_id
      define ('PUNCHTAB_SECRET_KEY', 'your_secret_key');
      define ('PUNCHTAB_ACCESS_KEY', 'your_access_key'); //key
    
      $user = array('id' => '2', 'first_name' => 'John', 'last_name' => 'Doe', 'email' => 'john.doe@johndoe.com', 'avatar_link' => 'http://johndoe.com/johndoe.jpg');
      $auth_request = base64_encode(json_encode($user));
      $timestamp=time();
      $signature = hash_hmac('sha1', "$auth_request $timestamp", PUNCHTAB_SECRET_KEY);
    ?>

  • Python

    import base64
    import hashlib
    import hmac
    import simplejson
    import time
    
    PUNCHTAB_CLIENT_ID = 'your_client_id' #client_id
    PUNCHTAB_SECRET_KEY = 'your_secret_key'
    PUNCHTAB_ACCESS_KEY = 'your_access_key' #key
    
    user = simplejson.dumps({'id': '2', 'first_name': 'John', 'last_name': 'Doe', 'email': 'john.doe@johndoe.com', 'avatar_link': 'http://johndoe.com/johndoe.jpg'})
    
    auth_request = base64.b64encode(user)
    timestamp = int(time.time())
    
    signature = hmac.HMAC(PUNCHTAB_SECRET_KEY, '%s %s' % (auth_request, timestamp), hashlib.sha1).hexdigest()
                            

  SSO on client side using JavaScript

  • If you are currently using our loyalty platform using our JavaScript code snippet/SDK and you would want to add just SSO support, you can do it using JavaScript without having to use any of our REST API's.
  • Generate SSO API parameters client_id, auth_request, timestamp and signature(details given above) as you would for the REST API and place it in a JavaScript variable as given below either in the HEAD or beginning of BODY of your site. Make sure this is included before our loyalty program code snippet.

      <script type="text/javascript" charset="utf-8">>
    
      var _pt_pre_config = {
              auth_request: <generated auth request>,
              signature: <generated signature>,
              timestamp: <signature timestamp>,
              client_id: <your client id>
      };
      </script> 

  Logging out user:

  https://api.punchtab.com/v1/auth/logout

  Parameters: (Both GET/POST parameters are supported with HTTP_REFERRER set to your account domain name)

  • token – authResponse.accessToken from login API
  • key – Access Key from your developer page

  Response: (JSON formatted except for standard HTTP response)

  • status – ‘disconnected’ for successful logout

  Checking the login status of a user access token

  https://api.punchtab.com/v1/auth/status

  Parameters: (Both GET/POST parameters are supported with HTTP_REFERRER set to your account domain name)

  • token – authResponse.accessToken from login API
  • key – Access Key from your developer page

  Response: (JSON formatted except for standard HTTP response)

  • status – ‘connected’ if token is valid otherwise 'disconnected'

Rate Limiting:

We are rate limitting our API to ensure smooth service for the whole platform. Contact us if you expect a high number of API hits in a short period of time.

Output Format:

We support two output formats: JSON & JSONP

• JSON:

  This is the output format by default. You don't need to specify anything and you will be return JavaScript Object Notation (JSON).

• JSONP:

  This format allow JavaScript developer to work-around the "Same-Origin Policy" restriction. You need to add a callback function to be returned JSONP.

  https://api.punchtab.com/v1/activity?access_token=[access_token]&callback=my_function

  The response of your call will be padded with the my_function() call. The original response of the API will be the argument of the function call.

HTTP Method:

We use the HTTP protocol to communicate with the API, and the method are used to denote actions against resources

So far we use the following methods:

• GET: to retrieve information about ressources.
• POST: to create new resources

Standard Response Code:

• 200 Ok
• 201 Created
• 400 Bad Request
• 403 Forbidden

Endpoints

Activity

Activities are the actions which make users earn points.

You can retrieve the activities of a user and you can also create activity for a user.

Reading the activities of a user:

To read the activities of a user you need:

• an access_token of the user that you get through the authentication flow.
• an optional limit parameter which specifies the number of activities
• a optional user_id, if you want to retrieve the activity for a specific user_id, instead of the user currently logged in.
• an optional activity_name, if you want to retrieve only a list of activity from the activity_name.

Example:

https://api.punchtab.com/v1/activity[/activity_name]?access_token=[access_token]
                  

Fields:

• publisher_id : the identifier of the site or application where the action took place.
• domain : the domain of the site where the action took place.
• display_name : the display name of the site where the activity took place.
• referrer : the exact URL where the action took place, if available.
• name : the name of the activity.
• points : the number of points earned by taking the action.
• date_created : the date time of when the action took place.
• _id : an identifier for the activity.

Creating activity for a user:

To create the activities for a user you need:

• an access_token of the user that you got through the authentication flow.
• the activity that the user just took. It must be a verb in this list : (visit, tweet, like, plusone, comment, invite, reply, apply, share, purchase, addtotimeline, search, download, view, checkin, subscribe, and follow ). If you can't find the one you need, please contact us
• the number of points you want to give the user for the action (default is 100 points, and it is not overwritable for the visit, like, tweet, comment and +1).

Example: You need to create a POST request which will look like this:

curl -X POST -d "points=200" "https://api.punchtab.com/v1/activity/[activity_name]?access_token=[access_token]
                      

Redeeming:

Redeeming an offer (from the catalog) is another activity, you just need to specify the reward_id that you get from the reward's list

curl -X POST -d "reward_id=123" https://api.punchtab.com/v1/activity/redeem?access_token=[access_token]
              

                  Back to top
              
        

Leaderboard

Leaderboard is the list of user ranked by the descending number of points for you application/site. You can only retrieve the leaderboard, it gets updated each time a user get points through the activity resource.

Reading the leaderboard for an application:

To read the leaderboard you need:
• an access_token of the user that you get through the authentication flow.
• the with=me parameter if you want to get a leaderboard with the current user for sure
• deprecated an optional days parameter which specifies the number of days that should be used to calculate the leaderboard
• an optional days parameter if set to 'all' returns the leaderboard from the beginning using redeemable points, otherwise it returns the leaderboard from the last 30 days.
• an optional limit parameter which specifies the number of user you will get in the leaderboard limit
• an optional page parameter which specifies the page of result you want (rank will be relative to the page)

Example:

https://api.punchtab.com/v1/leaderboard?access_token=[access_token][&with=me][&days=all][&limit=N][&page=M]
                  

Fields:

• user_id : the identifier for the user
• name : full name of the user
• self* : True if with=me was set and the access_token matches the user
• rank : the rank of the user
• points : the number of points the user currently has
• avatar : a profile picture of the user
• recenty_activity: the most recent activity

Reward

Reward is the list of items you have available for the users to redeem in your catalog. You can currently only retrieve the catalog, you can edit it on punchtab.com

To read the rewards you need:

• an access_token of the user that you get through the authentication flow.
• an optional limit parameter which specifies the number of rewards you will get in the response

Example:

https://api.punchtab.com/v1/reward?access_token=[access_token]
                  

Fields:

• reward_id : the identifier of the reward
• points : the number of points required to get the reward
• Brand : the brand of the reward
• name : the name of the reward

User:

User represent a person who connected with your loyalty program.

To read the user information you need:

• an access_token of the user that you get through the authentication flow.

Example:

https://api.punchtab.com/v1/user?access_token=[access_token]
                  

Fields:

• avatar : a profile picture of the user
• user_id : the identifier for the user
• name : full name of the user
• redeemable_points : the number of points which can be used toward a reward
• DEPRECATED total_points_earned : the total number of points earned in the past 30 days