Trusted-source authentication

Restriction: OAuth authentication is the preferred method for authentication and the only option available to new MQL API applications. All other traditional methods — including Trusted-source authentication — are deprecated, and companies using the other methods will be transitioned to OAuth. Contact Medallia for assistance.

Trusted-source authentication is useful when the application is allowed to run API queries on behalf of any user without the user's password. This is especially useful when the users do not have passwords, such as when they sign-in with Single Sign-On (SSO). In this case, the application has its own SSO token.

Instead of the user's password, the trusted source possesses a Triple DES encryption initialization vector and key that can be used for all the users at the company. Only the application is allowed to receive such a key, so this method is not applicable for third-party applications.

The high-level steps to generate the API token are:

  1. Calculate the MD5 hash of the string "query=query,user=username"
  2. Make a timestamp of the current time in GMT in the format +%Y%m%d%H%M%S
  3. Create the token "ts=timestamp,hash=hash"
  4. Triple DES encrypt the token using IV and key provided by Medallia
  5. Generate an API request like
    https://api.medallia.com/company?user=username&query=query&output=csv&version=1&apikey=apikey&token=token