The Get Profile API is used to verify account information and prevent fraud at the time of checkout. This API provides a second layer of account verification before the reward is sent, ensuring a seamless and secure customer experience.
⚠️ Important:
- This API must be implemented and hosted by the client.
- Xoxoday will consume this API whenever a redemption takes place.
- The request and response below are provided only as a sample to illustrate the structure that Xoxoday expects.
- Please ensure that your response is always in JSON format only, as our system does not support any other data types.
Sample Request and Response
Headers
Content-Type: application/json
Sample Request
{
"unique_id":"DB123",
"auth_token":"asdgfjhbsdlkjbasdlkjbadslkbdakasdhfjhfdb=="
}
Sample Request Schema
| Parameter | Type | Description |
|---|---|---|
unique_id | String | Unique identifier of a user (sent by Xoxoday in the SSO redirection request). |
auth_token | String | Authorization value provided by the client during SSO redirection. Used by Xoxoday for API calls. |
Sample Response
{
"status": 1,
"message": "Successfully loaded user's data",
"user_data": {
"unique_id": "22816281",
"company_email_id": "[email protected]",
"first_name": "Dwight",
"last_name": "Schrute",
"mobile_number": "+1-123456789"
}
}
Schema Response Schema
| Parameters | Description |
|---|---|
| status | 1 = successful / 0 = failure |
| user_data.unique_id | Unique identifier of the user |
| user_data.company_email_id | Email address of the user |
| user_data.first_name | First name of the user |
| user_data.last_name | Last name of the user |
| user_data.mobile_number | Mobile number of the user |
Implementation Notes
- Xoxoday will only consume this API — the client must build and expose it.
- The
auth_tokenmust be provided by you undertpdobject when SSO Redirection API is called . - Make sure the API response includes accurate response status.