Skip to main content

Overview

The Data API is a REST API that allows to retrieve or write data stored on our remote servers. You can use the available endpoints to:

  • retrieve visit events for a given visitor.
  • send additional visit events for a given visitor, such as offline conversion events.
  • send and retrieve product data for a given sitecode.
  • store additional data for a given visitor, such as CRM or segmentation data.

We provide endpoints for 3 main categories of data:

The Visit endpoints allow to retrieve and send events (conversion, custom data, segments...) for a given visitor code. They can be used to import offline purchase data (such as physical store purchases) to Kameleoon.

  • GET /visit/visitor: this endpoint can be used to retrieve visits data collected by Kameleoon such as experiments and personalizations being triggered for the user or targeted segments.
    note

    If you are using our Web Experimentation solution, please note that you can only retrieve data for past visits. Data for the current visit is not available through this endpoint. Customers with access to Feature Experimentation can retrieve data for all visits, including the current one. For further details, please reach out to your Customer Success Manager.

  • POST /visit/forget: this endpoint can be used to remove data for several visitors.
  • POST /visit/events: this endpoint can be used to post data for a given visitor, such as conversion events, page view events etc.

The Product endpoints allow to retrieve and send product data for a given sitecode. They can be used to register product events such as view, add to cart or purchase events, or to obtain statistics about a given product (eg. how many times it was bought or viewed in the last hour or day).

  • POST /product/events: this endpoint can be used to post attributes (name, price etc.) and events (view, add to cart, purchase) for several products, which can then be retrieved and used for targeting or product recommendations purposes, by using the obtainProductData and obtainProductInteractions methods available in our Activation API. You can also use the productCounters and productData endpoints.
  • GET /product/productCounters: this endpoint can be used to retrieve counts (number of views, add to cart quantities, transaction quantities) for several products.
  • GET /product/productData: this endpoint can be used to retrieve attributes for several products.
note

You need to have access to the Product Recommendation module or to the Product Targeting add-on. Both can be added to our Web Experimentation solution. For more information, please get in touch with your Customer Success Manager.

The Map endpoints allow to store additional data for a given key (usually a visitor code or an internal User ID), which can then be retrieved and used for targeting and segmentation purposes, by using the retrieveDataFromRemoteSource method available in our Activation API and all our SDKs. You can also use the map endpoint to retrieve stored data for a given key.

  • GET /map/map: this endpoint can be used to retrieve data for a given key.
  • GET /map/maps: this endpoint can be used to retrieve data for several keys.
  • POST /map/maps: this endpoint can be used to post data for several keys.

Authentication and rate limiting

The Data API uses rate limiting based on the IP address of the requester. If your app exceeds these limits, the API returns an HTTP 429 "Too Many Requests" response.

You can increase your limit from server-side sources by authenticating. Authentication from client-side sources, such as a web-browser is not recommended. This section provides details on rate limits and authentication options.

Rate Limits

Request typeUnauthenticated limitAuthenticated limit
GET Requests5 per second50 per second
Each other HTTP method50 per second (per method)1000 per second (per method)

Authentication

Authentication uses the same flow as the Automation API using JSON web tokens.

To maintain security and protect your API credentials, authentication is only recommended for some types of requests:

  • Server-side sources: For requests originating from your servers, authentication is highly recommended.
  • Client-side sources: For requests originating from a client application where your API credentials could be exposed, such as a web browser, don't authenticate.

Any request that provides an API token with an incorrect format, an expired token, or an invalid signature results in an HTTP 401 "Unauthorized" response.

To learn more about the authentication process, refer to the Automation API Authentication Flow documentation.