ConnectionPoint API reference (1.19)

This is the reference documentation for the official ConnectionPoint API.

Last updated: Sep 17, 2024

Basics

Staging API server:

https://api-staging.connectionpoint.com

Production API server:

https://api.connectionpoint.com

The API follows REST principles. Data is provided in JSON format only. Dates are represented in Unix timestamps (Seconds elapsed since 01-01-1970 00:00:00 UTC). The staging API will return all JSON responses pretty printed.

Authentication & Authorization

ConnectionPoint uses OAuth 2.0 for granting access to resources. Every API request listed in this document requires either a user access token or an app access token. To authorize a request pass your access token in the Authorization header of your HTTP request as follows:

Authorization: Bearer ACCESS_TOKEN

Registering a client app

You can create and manage multiple client applications. Every API client has to be approved first in order to be able to interact with our API.

Staging:

https://beta.connectionpoint.com/apps

Production:

https://connectionpoint.com/apps

OAuth 2.0 Endpoints

User authorization

Obtain a user's consent by redirecting them to the following authorization endpoint.

Staging:

https://beta.connectionpoint.com/oauth2/authorize

Production:

https://connectionpoint.com/oauth2/authorize

Request

Parameter Required Description
client_id Yes The client ID issued to the app
redirect_url Yes The URI the user will be redirected to after authorization. Domain must match the domain specified in the client application
scope Yes The access level
state No An opaque value for managing state. Use a non-guessable value to prevent CSRF attacks
code_challenge No PKCE challenge (Use for mobile apps)
code_challenge_method No PKCE challenge method - Valid values: plain, S256

Response

Parameter Type Description
code String The authorization code necessary to generate the access token. This code expires after 10 minutes.
state String The opaque value passed in the authorization request

Scope

Scope Description
read_only Access the user’s profile info and fundraising activity.
read_write Access the user’s profile info and fundraising activity & perform actions on the user’s behalf.

Example

https://beta.connectionpoint.com/oauth2/authorize?client_id=123&redirect_uri=https%3A%2F%2Fclient.domain&scope=read_only&state=3ksdf8sdf3 

Generating an user access token

After obtaining the user's consent you will be able to retrieve a user access token.

POST /oauth2/token

Request

Parameter Required Description
client_id Yes The client ID issued to the app
client_secret Yes, if no PKCE is used The client secret issued to the app
code_verifier Yes, if PKCE is used The code verifier for the PKCE request
redirect_uri Yes The URI the user will be redirected to after authorization. The URI must match the URI specified in the authorize request.
code Yes The code returned by the authorize response. The token expires after 10 minutes.

Response

Parameter Type Description
user_id String The user ID of the authorized user
access_token String The access token
token_type String Currently "Bearer" only
expires_in Date (Optional) The expiration time of the access token. Currently access tokens for a client app never expire, except if the user goes through the OAuth flow for the client app again.

Example

curl --data "grant_type=authorization_code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=https%3A%2F%2Fclient.domain&code=ACCESS_TOKEN" https://api-staging.connectionpoint.com/v1/oauth2/token

Pagination

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

Request

Parameter Description
limit The requested maximum number of results (Max: 50, Default: 20)
after Pagination cursor. Instructs the API to return all results after the one represented by this cursor.

Response

Parameter Description
after_cursor String (Optional) – The pagination cursor for the last returned element. Passing this cursor as the after parameter in a subsequent call will return the next result page. If the response does not include a pagination cursor it means that there are no more results.

Example

curl -H "Authorization: Bearer APP_ACCESS_TOKEN" "https://api-staging.connectionpoint.com/v1/campaigns/search?type=newest&limit=10&after=212"

Rate Limiting

Currently you are permitted to make up to 1,000 authorized requests per hour. You can check the HTTP headers of any API response to see your current rate limit status. Please contact us if you require a higher rate limit for your app.

HTTP Header Description
X-RateLimit-Limit The maximum number of requests the consumer is permitted to make per hour
X-RateLimit-Remaining The number of requests remaining in the current rate limit window
X-RateLimit-Reset The time at which the rate limit will reset (Unix time)

Campaigns

The Campaign object

Attribute Description
id String – The campaign ID
object String – The object type: campaign
url URL – The campaign page URL
title String – The campaign title
introduction String – A short introductory text (Plain text only)
story String – The full campaign story (Contains basic HTML formatting)
image_url URL – The campaign image URL
video_url URL (Optional) – The campaign video URL. Valid providers:
YouTube, Vimeo
location The campaign location
location.city String – City name
location.country String – The country code (Format: ISO 3166-1)
location.latitude Number – Latitude value of the location
location.longitude Number – Longitude value of the location
category String – The category of the campaign. Valid values are platform dependent: e.g. accidents, alumni, animals, arts, business
type String – Describing the funding model. Valid values:
kia = Keep it all, i.e. the campaign receives all funds no matter if the goal has been reached or not
aon = All or nothing, ie. the campaign must reach its goal in order to receive the funds (Preapproved payments)
currency String – The currency the campaign raises money in. Valid values (ISO 4217): e.g. usd, cad, eur, gbp, aud, nzd
goal Number (Optional) – How much money the campaign would like to raise
status String – Valid values:
active, inactive, pending, finished
items A list of items that the campaign offers (Optional)
item.id String – The item ID
Item.object String – The object type: item
item.title String – The item title
item.description String (Optional) – A short description about the the item
item.image_url URL (Optional) – The item image URL
item.price Number – How much it costs to claim the item
item.claimed Number – How many times the item has been claimed
item.limit Number (Optional) – How often the item can be claimed (Unlimited if not set)
created Timestamp – Time of campaign creation
modified Timestamp – Time of last campaign change
launched Timestamp – Time of campaign launch
activated Timestamp (Optional) – Activation time.
Activation currently means that the campaign received its first contribution. This definition might change later
deadline Timestamp (Optional) – The official deadline of the campaign. Campaigns might not have a deadline set.
finished Timestamp (Optional) – The time the campaign finished
owner Details about the campaign owner
owner.name String – The full name of the campaign owner
owner.image_url URL – The URL to the campaign owner's avatar
owner.profile_url URL – The URL to the campaign owner's profile
stats Campaign stats
stats.total_raised Total amount raised so far
stats.contribution_count Total number of contributions received
stats.comment_count Total number of comments received
stats.update_count Total number of story updates published by the campaign owner
reference_id String (Optional) – A reference ID associated at campaign creation
account_id String (Optional) – An account ID for reporting purposes

Retrieve campaign details

Retrieves the details for a campaign. Passing an app_access_token (or user_access_token for a user without campaign manage permission) will only return public campaign info.

Authorizations:
user_access_tokenapp_access_token
path Parameters
campaignId
required
string

Responses

Response samples

Content type
application/json
{
  • "id": "43Zl3",
  • "object": "campaign",
  • "title": "Alfons Maria Mucha",
  • "introduction": "Alfons Maria Mucha, often known in English and French as Alphonse Mucha, was a Czech Art Nouveau painter and decorative artist.",
  • "story": "<p>Alphonse Mucha was born on 24 July 1860 in the town of Ivancice in\n Moravia. He was the second son of Ondrej Mucha, who had six children\n from two marriages. Ondrej worked as an usher at the Ivancice court house.</p>",
  • "location": {
    },
  • "category": "education",
  • "type": "kia",
  • "currency": "cad",
  • "goal": 1233,
  • "status": "active",
  • "items": [
    ],
  • "created": 1390174017,
  • "modified": 1415399973,
  • "launched": 1390179592,
  • "activated": 1390249425,
  • "owner": {},
  • "stats": {
    }
}

List campaigns for a user

Retrieves a list of all campaigns that a user manages. This includes personal as well as organization campaigns.

Authorizations:
user_access_token
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

organization
string
partner
string
type
string
search
string

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

List sub-campaigns

Retrieves a list of all sub-campaigns for a specific main campaign. Passing an app_access_token (or user_access_token for a user without campaign manage permission) will only return active sub-campaigns.

Authorizations:
user_access_tokenapp_access_token
path Parameters
campaignId
required
string
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

Organizations

The Organization object

Attribute Description
country String – The country code (Format: ISO 3166-1)
description String – Organization description (Only available for organization type)
id String – The organization ID
image_url URL – The URL to the organization's logo
name String – The partner name
object String – The object type: organization
profile_url URL – The URL to the organization's profile
type String – The type of organization. Valid values:
organization, school, non-profit, political, business

List organizations

Retrieves a list of all organizations that the authorized user manages.

Authorizations:
user_access_token
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

partner
string
search
string

Responses

Response samples

Content type
application/json
{}

Users

The User object

Attribute Description
id String – The user ID
object String – The object type: user
first_name String – The user's first name
last_name String – The user's last name
image_url URL – The URL to the user's avatar
profile_url URL – The URL to the user's profile
email Email – The contact email address
registered Timestamp – Time the user registered

Retrieve user details

Retrieves the user details for the user represented by the access token passed.

Authorizations:
user_access_token

Responses

Response samples

Content type
application/json
{}

Activities

Types of activities

There are currently four types of campaign activities. Types

  1. Contribution: A campaign payments, pledge or offline contribution
  2. Comment: A comment made by a user
  3. Story Update: A campaign update
  4. Milestone: An auto-generated campaign milestone based on funding progress

The Activity object

All types of activities share the following attributes:

Attribute Description
id String – The contribution ID
object String – The object type. Valid values:
contribution, comment, story_update, milestone
url String – The activity page URL
created Timestamp – Activity creation time
owner Details about the activity owner
owner.name String – The full name of the owner
owner.image_url URL – The URL to the owner's avatar
owner.profile_url URL – The URL to the owner's profile (Optional)
stats Activity stats
stats.comment_count Number – The number of comments on this activity
stats.like_count String – The number of likes on this activity
liked Boolean – True, if the authenticated user liked this activity

The Contribution object

In addition to the common activity attributes, a comment contains the following:

Attribute Description
amount Number – The total contribution amount (Optional – only if publicly shown)
currency String – The currency the contribution was made in. Valid values (ISO 4217): e.g. usd, cad, eur, gbp, aud, nzd
message String – The contributor's message (Optional)
claimed_items List of claimed items (Optional)
claimed_item.id String – The item ID
claimed_item.title String – The item title
claimed_item.image_url URL – The URL to the item image

The Comment object

In addition to the common activity attributes, a story update contains the following:

Attribute Description
message String – The comment

The Story Update object

In addition to the common activity attributes, a story update contains the following:

Attribute Description
media List of media items (Optional)
media.object String – The object type. Valid values: image, video
media.image_url URL – The URL to the image file
media.video_url URL – The URL to the video file (For videos only)
media.duration Number – The video duration in seconds (For videos only)

The Milestone object

In addition to the common activity attributes, a milestone contains the following:

Attribute Description
type String – The type of milestone. Valid values:
contributors, raised_amount, raised_goal
value Number – The milestone value reached (Available for contributors and raised_amount milestones)
image_url URL – The URL to the milestone image

Create a comment

Creates a comment on either a campaign or a specific campaign activity.

Authorizations:
user_access_token
Request Body schema: application/json
campaign_id
string
activity_id
string
message
string

Responses

Request samples

Content type
application/json
{
  • "campaign_id": "42ica",
  • "activity_id": "73Ej1",
  • "message": "Awesome cause!"
}

Response samples

Content type
application/json
{}

Create a story update

Creates a new story update.

Authorizations:
user_access_token
Request Body schema: application/json
campaign_id
string
message
string
Array of objects (AMediaToken)
post_as
string
Enum: "individual" "campaign" "organization"
scheduled
integer <int64>

Unix timestamp in seconds

Responses

Request samples

Content type
application/json
{
  • "campaign_id": "42ica",
  • "message": "This is a story update with media",
  • "post_as": "organization",
  • "media": [
    ]
}

Response samples

Content type
application/json
{}

Delete a comment

Deletes an existing comment.

Authorizations:
user_access_token
path Parameters
commentId
required
string

Responses

Response samples

Content type
application/json
{
  • "code": 401,
  • "message": "Unauthorized",
  • "type": "unauthorized"
}

Delete a story update

Deletes an existing story update.

Authorizations:
user_access_token
path Parameters
storyUpdateId
required
string

Responses

Response samples

Content type
application/json
{
  • "code": 401,
  • "message": "Unauthorized",
  • "type": "unauthorized"
}

List activities

Retrieves activities for a specific campaign, an organization or all of a user's campaigns. If the access token represents a user with extended access to either the organization or campaign, additional private information may be included, e.g. scheduled story updates.

Authorizations:
user_access_token
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

organization
string
campaign
string
types
string
add_fields
string

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

Like an activity

Like an activity.

Authorizations:
user_access_token
path Parameters
activityId
required
string

Responses

Response samples

Content type
application/json
{
  • "code": 400,
  • "message": "Invalid Parameter",
  • "type": "bad_request"
}

Unlike an activity

Unlike an activity.

Authorizations:
user_access_token
path Parameters
activityId
required
string

Responses

Response samples

Content type
application/json
{
  • "code": 400,
  • "message": "Invalid Parameter",
  • "type": "bad_request"
}

Contacts

The Contact object

Attribute Description
id String – The contact ID
object String – The object type: contact
name String – The contact's name (Optional)
email String – The contact's email address
source String – Source describing how the contact has been added to the campaign:
payment, follow, import, owner
subscribed Timestamp – Time the contact subscribed

List campaign contacts

Retrieves all active contacts for a specific campaign. Results are sorted by subscription time in descending order.

Authorizations:
user_access_token
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

campaign
string

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

Fundraisers

The Fundraiser object

Attribute Description
id String – The fundraiser's member ID
object String – The object type: fundraiser
user_id String – The fundraiser's user ID
name String – The fundraiser's name
email String – The fundraiser's email address
team_name String – The name of this fundraiser's team
team_url URL – The URL of the fundraiser's team campaign page
campaign_id String – The ID of the fundraiser's campaign
role The fundraiser's role on the team:
leader, member
created Timestamp – At which time the user signed up as a fundraiser for the campaign
referred_total_raised Number – The total referred contribution amount
referred_contribution_count Number – The total number of referred contributions
reference_id String (Optional) – The fundraiser campaign's reference ID
account_id String (Optional) – The fundraiser campaign's account ID

List fundraisers

Retrieves all fundraisers for a specific campaign. Results are sorted by created time in descending order.

Authorizations:
user_access_token
path Parameters
campaignId
required
string
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

search
string
user
string

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

Invitations

The Invitation object

Attribute Description
id String – The invitation ID
object String – The object type: invitation
campaign_id String – The campaign ID of the main campaign this invitation belongs to
first_name String – The invitee's first name
last_name String – The invitee's last name
email String – The invitee's email address
goal Number (Optional) – The default fundraising goal for the sub-campaign
category The name of the category that the fundraiser will be assigned to.
reference_id String (Optional) – A reference ID that will be associated with the sub-campaign
account_id String (Optional) – An account ID that will be associated with the sub-campaign

Create invitation

Creates a new invitation to fundraise for a main-campaign. The invitee will be notified via email.

Authorizations:
user_access_token
Request Body schema: application/json
campaign_id
string

The ID of the main campaign to which the fundraiser will be invited to. Either a campaign_id or partner_id + reference_id are required.

first_name
required
string

The fundraiser's first name

last_name
required
string

The fundraiser's last name

email
required
string

The fundraiser's contact email address

goal
integer <int32>

The default fundraising goal

category
string

The name of the category that the fundraiser should be assigned to. To assign a sub-category, pass the main and sub-category separated by "/" (Example: "Art/Digital Art"). If the category cannot be matched, the main campaign category will be used.

partner_id
string

The ID of the partner used for campaign lookups in conjunction with the Reference ID. Only used if no campaign_id is passed.

reference_id
string <= 40 characters

A custom value to identify the fundraiser.

account_id
string <= 50 characters

A custom identity code that will be applied to the fundraiser's transactions.

Responses

Request samples

Content type
application/json
{
  • "campaign_id": "42ica",
  • "first_name": "Alice",
  • "last_name": "Anderson",
  • "email": "aliceanderson@gmail.com",
  • "goal": 1250,
  • "category": "Art/Crafts",
  • "reference_id": "A1B2C3D4E5",
  • "account_id": "Z987654"
}

Response samples

Content type
application/json
{
  • "id": "2b1",
  • "campaign_id": "42ica",
  • "first_name": "Alice",
  • "last_name": "Anderson",
  • "email": "aliceanderson@gmail.com",
  • "goal": 1250,
  • "category": "Art/Digital Art",
  • "reference_id": "A1B2C3D4E5",
  • "account_id": "Z987654"
}

Payments

The Payment object

Attribute Description
account String – The recipient account type
Valid values: paypal, wepay, stripe, offline
address Address – The payer address (Optional)
amount Number – The total contribution amount
campaign_id String – The ID of the campaign the payment was made to
claimed_item.id String – The item ID
claimed_item.image_url URL – The URL to the item image
claimed_item.price Number – The price charged for one item
claimed_item.quantity Number – How many times this item has been claimed in this transaction
claimed_item.shipping_cost Number – The shipping cost charged for one item (Optional)
claimed_item.title String – The item title
claimed_item.variant String – The item variant (Optional)
claimed_items List of claimed items (Optional)
contact_email Email address – Contact email address (might differ from payer email address)
created Timestamp – Contribution time
currency String – The currency the payment was made in. Valid values (ISO 4217): e.g. usd, cad, eur, gbp, aud, nzd
custom_field.name String – Name of the custom data field
custom_field.value String – Value of the custom data field
custom_fields List of custom data fields (Optional)
date_of_birth Date – The date of birth (Optional, Format: yyyy-MM-dd)
employer Address – The employer address (Optional, without first_name and last_name attributes)
id String – The payment ID
matched_amount Number – The matched sponsorship amount (if the campaign is sponsored)
message The public message provided by the contributor
net_amount Number – The net contribution amount (minus service and payment provider fees)
occupation String – The occupation (Optional)
payer_email String – The contributor's payer email (Provided by payment provider)
payer_first_name String – The contributor's first name
payer_last_name String – The contributor's last name (Optional, might not be set if it cannot be derived from the contributor's full name)
payer_name String – The contributor's full name
phone_number String – Phone number (Optional)
recovered_fees Number – The recovered fees (if the payment was processed with Pro pricing and the contributor opted in to cover the fees)
shipping_address Address – The shipping address (Optional)
status String – The payment status. Valid values:
completed, preapproved, cancelled, refunded, reversed
subcampaign_id String – The ID of the subcampaign the payment was made to (if applicable, only available on multi-tier campaigns)
subscribe_to_updates Boolean – True, if the contributor opted in to receive campaign updates
taxreceipt_number String – The tax receipt number (Optional)
taxreceipt_url String – The URL to the downloadable tax receipt (Optional)
transaction_id String – The transaction ID (Provided by payment provider)
reference_id String (Optional) – The receiving campaign's reference ID
account_id String (Optional) – The receiving campaign's account ID

The Address object

Attribute Description
city String – City name
company_name String – Company name (Optional)
country String – Country code (Format: ISO 3166-1)
first_name String – First name
last_name String – Last name
postal_code String – Zip or postal code
state String – State or province name
street String – Address line
street2 String – Address line 2 (Optional)

Create an offline payment

Registers a new offline payment.

Authorizations:
user_access_token
Request Body schema: application/json
created
integer <int64>

Unix timestamp in seconds

campaign_id
string
amount
number <double> decimal places <= 2
message
string
payer_name
string
contact_email
string
phone_number
string
object (Address)
internal_notes
string
tags
Array of strings
show_name
boolean
show_amount
boolean
subscribe_to_updates
boolean
unrestricted_funds
boolean
send_confirmation
boolean
offer_receipt
boolean
match_amount
boolean

Responses

Request samples

Content type
application/json
{
  • "campaign_id": "42ica",
  • "amount": 100,
  • "currency": "usd",
  • "message": "Love your cause. Glad to help.",
  • "payer_name": "Alice Anderson"
}

Response samples

Content type
application/json
{
  • "id": "7VSkdD",
  • "created": 1422827061,
  • "amount": 31.98,
  • "net_amount": 29.9,
  • "currency": "usd",
  • "status": "completed",
  • "payer_name": "Ryan Anderson",
  • "payer_first_name": "Ryan",
  • "payer_last_name": "Anderson",
  • "payer_email": "ryan.anderson@example.com",
  • "transaction_id": "C1234567890",
  • "message": "Really appreciate your work.",
  • "claimed_items": [],
  • "contact_email": "ryan@example.com",
  • "subscribe_to_updates": true,
  • "phone_number": "1-800-12345678",
  • "address": {
    }
}

Delete an offline payment

Deletes an existing offline payment.

Authorizations:
user_access_token
path Parameters
paymentId
required
string

Responses

Response samples

Content type
application/json
{
  • "code": 400,
  • "message": "Invalid Parameter",
  • "type": "bad_request"
}

List payments

Retrieves all list of all payments for a specific entity. Results are sorted by creation time in descending order (newest first). Payments contain all transaction info. This includes sensitive details like the contributor's email address or any additional data collected.

query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

campaign
string
organization
string
partner
string
since
integer <int64>
since_id
string

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

List tax receipts

Retrieves a list of all tax receipts for a specific entity.

query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

organization
string
partner
string
since
integer <int64>
since_id
string

Responses

Response samples

Content type
application/json
{
  • "entries": [],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

Partners

The Partner object

Attribute Description
id String – The partner ID
name String – The partner name
object String – The object type: partner
referral_code String – The referral code

List partners

Retrieves a list of all partners that the user manages.

Authorizations:
user_access_token
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

Webhooks

The Webhook endpoint object

Attribute Description
id String – The webhook endpoint ID
object String – The object type: organization
url String – The url of the webhook endpoint
events A list of event types
status String – The status of the webhook endpoint. Valid values:
active, inactive, deleted
description String – The description of the webhook endpoint
secret String – The endpoint’s secret, used to generate webhook signatures. Only returned at creation.
entity String – The entity type associated with the webhook endpoint. Valid values:
organization, campaign, partner
entity_id String – the ID of the entity associated to the endpoint

The Webhook types

event type Description
payment.created Triggers when a new pledge or payment is made
payment.updated Triggers when a pledge or payment is updated
receipt.created Triggers when a new tax receipt is issued
receipt.updated Triggers when a tax receipt is updated
contact.created Triggers when a new contact is added
fundraiser.created Triggers when a new fundraiser registers for a Peer-to-peer campaign
campaign.created Triggers when a new campaign is created
campaign.updated Triggers when a campaign is updated

The Webhook event message object

Attribute Description
event String – event type
entity_type String – The entity type the webhook endpoint is associated with
entity_id String – the ID of the entity associated with the webhook endpoint
data The event data, e.g. a Payment object

Securing webhook endpoints

Every webhook event message request sent to a registered endpoint will include the following two request headers.

Header Description
X-Webhook-Signature The HMAC signature of the webhook event message
X-Webhook-Signature-Timestamp The creation time of the webhook event message in millis since Unix epoch

The HMAC signature is calculated via the SHA512 algorithm and the secret of the receiving webhook endpoint. As the secret is only returned upon registering a webhook endpoint, you need to ensure to have it stored in order to verify the signature of webhook event messages. The input for the HMAC signature creation is the concatenation of the X-Webhook-Signature-Timestamp request header value and the request body.

Below is a sample implementation of the signature verification process

  const crypto = require('crypto');
  
  const SIGNING_SECRET_ALGORITHM = "sha512";
  const HEADER_WEBHOOK_SIGNATURE = 'Http-X-Webhook-Signature';
  const HEADER_WEBHOOK_SIGNATURE_TIMESTAMP = 'Http-X-Webhook-Signature-Timestamp';
  const WEBHOOK_ENDPOINT_SECRET = "{The secret you stored after registering your webhook endpoint}";
  
  
  function isSignatureValid(signature, timestamp, requestBody) {
    let hmac = crypto.createHmac(SIGNING_SECRET_ALGORITHM, WEBHOOK_ENDPOINT_SECRET);
    let sig = hmac.update(timestamp + requestBody).digest("base64");
  
    return (
      Buffer.compare(
        Buffer.from(signature),
        Buffer.from(sig)
      ) === 0
    )
  }
  
  function processWebhookMessage(request) {
    let signature = request.headers[HEADER_WEBHOOK_SIGNATURE];
    let timestamp = request.headers[HEADER_WEBHOOK_SIGNATURE_TIMESTAMP];
    let requestBody = request.content;
    
    if (!isSignatureValid(signature, timestamp, requestBody))
      throw new Error("The webhook signature is invalid");
    
    // Continue to process the webhook event message here
  }

Retrieve webhook endpoint details

Retrieves the details for a webhook endpoint.

Authorizations:
user_access_token
path Parameters
webhookEndpointId
required
string

Responses

Response samples

Content type
application/json
{
  • "events": [
    ],
  • "status": "active",
  • "entity": "campaign",
  • "entity_id": "82bR8",
  • "created_time": 1658957239,
  • "id": "2bQ",
  • "description": "webhook endpoint description"
}

Delete a webhook endpoint

Delete a existing webhook endpoint.

Authorizations:
user_access_token
path Parameters
webhookEndpointId
required
string

Responses

Response samples

Content type
application/json
{
  • "code": 400,
  • "message": "Invalid Parameter",
  • "type": "bad_request"
}

List webhook endpoints

Retrieves a list of all webhook endpoints for a specific entity.

Authorizations:
user_access_token
query Parameters
required
object (PaginationInfo)

All API requests that return lists as a result support pagination. Lists are returned in an envelope that contains additional pagination information. The list results itself are contained in the entries parameter. The maximum number of results is limited to 50. If no limit is specified the default limit of 20 will be used.

campaign
string
organization
string
partner
string

Responses

Response samples

Content type
application/json
{
  • "entries": [
    ],
  • "total_results": 0,
  • "max_results": 0,
  • "offset": 0,
  • "after_cursor": 0
}

Register a new webhook endpoint

Register a new webhook endpoint.

Authorizations:
user_access_token
Request Body schema: application/json
events
required
Array of strings
Items Enum: "payment.created" "payment.updated" "receipt.created" "receipt.updated" "contact.created" "fundraiser.created" "campaign.created" "campaign.updated"

The types of events for which webhook event messages shall be received.

url
required
string

The receiving URL of webhook event messages.

entity
required
string
Enum: "organization" "campaign" "partner"

The entity type for which webhook event messages shall be received.

entity_id
required
string

The ID of the entity for which webhook event messages shall be received.

description
string

A description for the webhook endpoint

secret
string <= 64 characters

The secret used for signing webhook event messages. If none is provided, we will generate a secret for you.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "events": [
    ],
  • "status": "active",
  • "entity": "campaign",
  • "entity_id": "82bR8",
  • "created_time": 1658957239,
  • "id": "2bQ",
  • "description": "webhook endpoint description"
}