NAV
shell

Introduction

This a guide to integrate with Merit Marketplace and enable users to login via SSO.

Upon successful integration, users can choose from Merit's large catalog and use their points to redeem rewards.

Clients must implement the following API to support the integration with Merit Marketplace.

  1. Get Access Token (machine-to-machine authentication)
  2. Get User by MemberId
  3. Get Point Balance
  4. Debit Points
  5. Refund Points

Merit will provide clients with the following API

  1. Get Access Token (machine-to-machine authentication)
  2. SSO Login

Client Implementation

M2M Authentication

With machine-to-machine (M2M) applications, such as CLIs, daemons, or services running on your back-end, the system authenticates and authorizes the app rather than a user. For this scenario, we use the Client Credentials Flow.

Credentials must be granted per loyalty program. If an organization has more than one loyalty program, they must provide Merit one set of credentials for each loyalty program.

Get Access Token

curl --location -g --request POST '{{baseUrl}}/identity/v1/clients/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "clientId": "{{clientId}}",
    "clientSecret": "{{clientSecret}}"
}'

If successful, the above command returns JSON structured like this:

{
    "data": {
        "accessToken": "SuM-qV4WCs6rjkX3zzKMU9tnzP--FiR8ZKRG2NCHwTFKRaVabIaIf17glCcs_b50rFM8JzKy7b_AMy10UtTSfonS7ddK56MQuDA5OPfyKvYCinxsXi4l5L_JSam2Juqq5-YNZ3bjXxXzj6sOiVs-WhJwThL4v3Umeizs-ea3cqU",
        "expiresIn":  3600,
        "tokenType":  "Bearer"
    }
}

Sample error response. Please refer Errors for more information.

{
    "code": "ERR-1001",
    "message": "invalid client credentials"
}

Use Client ID and Client Secret to authenticate and get access token.

HTTP Request

POST {{baseUrl}}/identity/v1/clients/token

Request Headers

Parameter Required Description
Content-Type Yes Content type must be application/json.

Request Schema

Parameter Required Type Description
clientId Yes String Client ID
clientSecret Yes String Client Secret

Success Response Schema

Parameter Required Type Description
accessToken Yes String Access Token
expiresIn Yes Integer Expires In (seconds)
tokenType Yes String Token type. Value must be Bearer

Error Response Schema

Parameter Required Type Description
code Yes String Error Code. Human readable error code to handle exceptions.
message Yes String Error Message

Member ID

Unique identifier of the user within the loyalty program

  1. Must be unique within the loyalty program.
  2. After the user is created, Member ID can't be changed.
  3. Maximum length of 128.
  4. Allowed characters are A-Z, a-z, 0-9, :, -, @, ..

Get User by MemberId

curl --location -g --request GET '{{baseUrl}}/identity/v1/users/{{memberID}}' \
--header 'Authorization: Bearer {{AccessToken}}'

If successful, the above command returns JSON structured like this:

{
    "data": {
        "memberId": "U123456",
        "firstName": "John",
        "lastName": "Doe",
        "email": "john.doe@meritincentives.com",
        "phone": "+442072343456",
        "country": "GBR",
        "currency": "GBP",
        "language": "en",
        "metadata": {
            "gender": "MALE",
            "tier": "GOLD"
        },
        "isActive": true,
        "createdAt": 1672664992,
        "updatedAt": 1672664992
    }
}

Sample error response. Please refer Errors for more information.

{
    "code": "ERR-1002",
    "message": "invalid access Token"
}

HTTP Request

GET {{baseUrl}}/identity/v1/users/{memberID}

Request Headers

Parameter Required Description
Content-Type Yes Content type must be application/json.
Authorization Yes Bearer {{AccessToken}}

Success Response Schema

Parameter Required Type Description
memberId Yes String Unique identifier of the user within the loyalty program
firstName No String First name
lastName No String Last name
email Yes String Email
phone No String Phone number
country Yes String Country of user in ISO 3166 format (ex: GBR)
currency Yes String Currency of user in ISO 4217 format (ex: GBP)
language Yes String Language of user in ISO 639-1 format (ex: en)
isActive Yes Boolean Is the user active ?
metadata No Object JSON with custom key-value pairs to provide any optional information

Error Response Schema

Parameter Required Type Description
code Yes String Error Code. Human readable error code to handle exceptions.
message Yes String Error Message

Exchange Rates

As a prerequisite, exchange rates from points to currencies must be configured while onboarding the loyalty program to Merit platform.

Example conversion table

Currency Points
1 USD 80
1 GBP 100
1 AED 20

Get Point Balance

curl --location -g --request GET '{{baseUrl}}/loyalty/v1/users/{{memberId}}/balance' \
--header 'Authorization: Bearer {{AccessToken}}'

If successful, the above command returns JSON structured like this:

{
  "data": {
    "points": 10000,
    "updatedAt": 1672664992
  }
}

Sample error response. Please refer Errors for more information.

{
    "code": "ERR-1002",
    "message": "invalid access token"
}

HTTP Request

GET {{baseUrl}}/loyalty/v1/users/{memberID}/balance

Request Headers

Parameter Required Description
Content-Type Yes Content type must be application/json.
Authorization Yes Bearer {{AccessToken}}

Success Response Schema

Parameter Required Type Description
points Yes Integer Number of available loyalty points
updatedAt Yes Integer Last modified timestamp. Epoch format

Error Response Schema

Parameter Required Type Description
code Yes String Error Code. Human readable error code to handle exceptions.
message Yes String Error Message

Debit Points

curl --location -g --request POST '{{baseUrl}}/loyalty/v1/users/{{memberId}}/debit' \
--header 'Authorization: Bearer {{AccessToken}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "referenceId": "REF123414342",
    "points": 100,
    "metadata": {
        "description": "Order #1234. Purchase of Amazon Gift Card"
    }
}'

The above command returns JSON structured like this:

{
  "data": {
    "id": "0c781f3f-fa61-460b-81e6-d1bf00d1fdd9"
  }
}

Sample error response. Please refer Errors for more information.

{

    "code": "ERR-3001",
    "message": "transaction with referenceId already exists"
}

HTTP Request

POST {{baseUrl}}/loyalty/v1/users/{memberID}/debit

Request Headers

Parameter Required Description
Content-Type Yes Content type must be application/json.
Authorization Yes Bearer {{AccessToken}}

Request Body Schema

Parameter Required Type Description
referenceId Yes String Unique reference of the transaction
points Yes Integer Number of points
metadata No Object JSON with custom key-value pairs to provide any optional information

Success Response Schema

Parameter Required Type Description
id Yes String Unique identifier of transaction

Error Response Schema

Parameter Required Type Description
code Yes String Error Code. Human readable error code to handle exceptions.
message Yes String Error Message

Refund Points

curl --location -g --request POST '{{baseUrl}}/loyalty/v1/transactions/{{transactionId}}/refund' \
--header 'Authorization: Bearer {{AccessToken}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "points": 50,
    "metadata": {
        "description": "Order #1234. Cancellation of Amazon Gift Card"
    }
}'

Refund points (partial or total) against an existing debit transaction.

If successful, the above command returns JSON structured like this:

{
  "data": {
    "id": "0c781f3f-fa61-460b-81e6-d1bf00d1fdd9"
  }
}

Sample error response. Please refer Errors for more information.

{
    "code": "ERR-1002",
    "message": "invalid access token"
}

HTTP Request

POST {{baseUrl}}/loyalty/v1/transactions/{transactionId}/refund

Request Headers

Parameter Required Description
Content-Type Yes Content type must be application/json.
Authorization Yes Bearer {{AccessToken}}

Request Body Schema

Parameter Required Type Description
points Yes Integer Number of points
metadata No Object JSON with custom key-value pairs to provide any optional information

Success Response Schema

Parameter Required Type Description
id Yes String Unique identifier of transaction

Error Response Schema

Parameter Required Type Description
code Yes String Error Code. Human readable error code to handle exceptions.
message Yes String Error Message

Errors

Error Code HTTP Status Message
ERR-1001 401 invalid client credentials
ERR-1002 401 invalid access token
ERR-2002 400 user with memberId does not exist
ERR-3001 400 transaction with referenceId already exists
ERR-4001 400 {{dynamic message for invalid input}}
ERR-5001 500 internal server error

Merit API

M2M Authentication

With machine-to-machine (M2M) applications, such as CLIs, daemons, or services running on your back-end, the system authenticates and authorizes the app rather than a user. For this scenario, we use the Client Credentials Flow.

Credentials are granted per loyalty program. If an organization has more than one loyalty program, Merit will grant each program it's own set of credentials.

Get Access Token

curl --location -g --request POST '{{baseUrl}}/identity/v1/clients/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "clientId": "{{clientId}}",
    "clientSecret": "{{clientSecret}}"
}'

If successful, the above command returns JSON structured like this:

{
    "data": {
        "accessToken": "SuM-qV4WCs6rjkX3zzKMU9tnzP--FiR8ZKRG2NCHwTFKRaVabIaIf17glCcs_b50rFM8JzKy7b_AMy10UtTSfonS7ddK56MQuDA5OPfyKvYCinxsXi4l5L_JSam2Juqq5-YNZ3bjXxXzj6sOiVs-WhJwThL4v3Umeizs-ea3cqU",
        "expiresIn":  3600,
        "tokenType":  "Bearer"
    }
}

Sample error response. Please refer Errors for more information.

{
    "code": "ERR-1002",
    "message": "invalid access token"
}

Use Client ID and Client Secret to authenticate and get access token.

HTTP Request

POST {{baseUrl}}/identity/v1/clients/token

Request Headers

Parameter Required Description
Content-Type Yes Content type must be application/json.

Request Schema

Parameter Required Type Description
clientId Yes String Client ID
clientSecret Yes String Client Secret

Success Response Schema

Parameter Required Type Description
accessToken Yes String Access Token
expiresIn Yes Integer Expires In (seconds)
tokenType Yes String Token type. Value will always be Bearer

Error Response Schema

Parameter Required Type Description
code Yes String Error Code. Human readable error code to handle exceptions.
message Yes String Error Message

SSO Login

curl --location --request POST '{{baseUrl}}/identity/v1/sso/login' \
--header 'Authorization: Bearer {{AccessToken}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "memberId": "U123466"
}'

The above command returns HTTP Status Code 302 (Redirect). User is redirected to Merit Marketplace and signs in automatically.

Sample error response. Please refer Errors for more information.

{
    "code": "ERR-1002",
    "message": "Invalid Access Token"
}

Initiate SSO login and redirect user to Merit Marketplace. User signs in automatically.

HTTP Request

POST {{baseUrl}}/identity/v1/sso/login

Request Headers

Parameter Required Description
Content-Type Yes Content type must be application/json.
Authorization Yes Bearer {{AccessToken}}

Request Body Schema

Parameter Required Type Description
memberId Yes String Unique identifier of the user within the loyalty program

Error Response Schema

Parameter Required Type Description
code Yes String Error Code. Human readable error code to handle exceptions.
message Yes String Error Message
shell