Make an API call using the access (bearer) token

Once you have acquired an OAuth access token (Authenticate APIs with OAuth), make API requests for resources from the resource endpoint. You can determine URL based on the one your company uses to access Medallia Web reporting.

Determine the resource URL:

  1. Examine the URL the company uses to access Medallia Web reporting, it looks like this: https://instance.domain.type/company.

  2. The resource endpoint you will use depends on the instance and company names.

    • For Production environments, use this URL: https://instance-company.apis.medallia.com/resource-group/resource-group-version/endpoint.

    • For Sandbox environments, use this URL: https://sandbox-company.apis.medallia.com/resource-group/resource-group-version/endpoint.

Important: Resource URLs with the form https://<company>.apis.medallia.<type> are deprecated and only valid for legacy clients.

In the following examples, the resource-group is data, the resource-group-version is v0, and the endpoint is query: https://instance-company.medallia.com/data/v0/query.

cURL example

This curl invocation makes a request from the endpoint using the previously issued access token and including it as a "bearer" token:

curl -H 'Authorization: Bearer 1ec45eb171229e68db4ce3cdeb262' \
-H 'Content-Type: application/json' "https://<api-host>/data/v0/query" \
--data '{"query":"query {me {roles {id name}}}\n","variables":{}}'

Java client example

This Java example makes a request from the endpoint using the previously issued access token:

public static void main(String[] args) throws IOException {
   String accessToken = getAccessToken(
        "https://queryapidemo.demo.sc4.medallia.com/oauth/fs/token", "querydemo", "query12345"); 
   HttpResponse httpResponse = getHttpResponse(accessToken, 
        "https://queryapidemo.apis.demo.sc4.medallia.com/data/v0/query"); 
   System.out.println(httpResponse.parseAsString());
}
private static HttpResponse getHttpResponse(String accessToken, String endpointUrl) throws IOException {
   Credential credential = new Credential(BearerToken.authorizationHeaderAccessMethod()) .setAccessToken(accessToken);
   String requestBody = "{\"query\":\"query{ me{ roles{ id name type }}}\",\"variables\":null}"; 
   HttpRequestFactory requestFactory = new NetHttpTransport().createRequestFactory(credential); 
   HttpRequest request = requestFactory.buildPostRequest(new GenericUrl(endpointUrl), ByteArrayContent.fromString(null, requestBody));
   request.getHeaders().setContentType("application/json");
   return request.execute(); 
}

Use the access token and ID token

For APIs that use the Authentication code Grant. Once you have acquired an OAuth access token and the ID token (Request OAuth authorization (Authorization code grant)), make API requests for resources from the resource endpoint.

cURL example

This curl invocation makes a request from the endpoint using the previously issued access token and including it as a "bearer" token, and the issued ID token as the "API token":

curl -X GET 'https://<api-host>/audit-query-service/v2/audit-events?f.username=<username>&tenantId=<tenant-id>&startTime=2024-09-16T05:00:00z&endTime=2024-09-16T15:00:00z' \
  --header 'content-type: application/json' \
  --header 'Authorization: Bearer <access-token>' \
  --header 'api_token: <JWT-id-token>'

In the example, the resource-group is audit-query-service, the resource-group-version is v2, and the endpoint is audit.