Medallia Ideas API

Programmatically accessing and editing community information.

The Medallia Ideas API enables applications to exchange data with the Medallia Ideas system without using the user interface. Developers can leverage the API to make community content accessible across platforms and audiences. The API operates through existing or new user accounts, inheriting their access rights, and mimics browser-based user actions.

Access to the API must be requested through a user account and approved by community admins. It can be revoked at any time, ensuring that access to community data is always under the control of admins.

With the Medallia Ideas API you can:

  • Retrieve information about challenges

  • Fetch lists of ideas from challenges

  • Get detailed voting and comment information for individual ideas

  • Retrieve visible user profile information

  • Create posts, comments and votes on behalf of the account through which the API is accessing the community

Common uses of the API include:

  • Retrieving ideas for analysis in another system

  • Showing latest ideas on a different platform or in a different format, such as an intranet

  • Creating a dynamic challenge list so users can visit them directly from another platform

  • Automatically post ideas based on another factor such as a daily schedule, to inspire discussion each day

Before using the API, you must:

  • Know which API host to use when making an API call

  • Have a full and validated account.

  • Register to receive a client ID and client secret, which you will then use to make requests.

API Hosts

To make a API call, use the region-specific Host URL appropriate for your Medallia Ideas community instance.

RegionHost URL
AUhttps://api-0.ideas.medallia.com.au/v2
EUhttps://api-0.ideas.fra1.medallia.eu/v2
UKhttps://api-0.ideas.lon.medallia.eu/v2
UShttps://api-0.ideas.smf1.medallia.com/v2

For example, a US community uses the following URLs:

ActionU.S.Endpoint
Auth code https://api-0.ideas.smf1.medallia.com/v2/auth/code?client_id={client_id}&client_secret={client_secret}
Access token https://api-0.ideas.smf1.medallia.com/v2/auth
API calls https://api-0.ideas.smf1.medallia.com/v2/{endpoint}

API Documentation

The API endpoints are described in detail in the API reference guide, which can be accessed via any of these regional links.

Obtaining a client ID and secret

Medallia Ideas API uses OAuth 2.0 protocol for authentication and authorization.

To register for using the APIs:

  1. Login to the desktop version.

  2. Go to your profile: click the user icon in the top right > "Go to profile".

  3. Choose API from the profile menu bar.

    The API community client list appears showing your existing API clients and API requests appears, both of which will be empty if this is your first API request.

  4. Apply for an API client account: click Apply for a new API client.

    In the form that appears, describe your project and reason for using the API.

  5. Click Apply.

A community administrator will review the request to create your credentials.

Tip: Community administrators can click the API option in the grey "Crowd Management" menu to display a list of current requests.

To review and obtain your credentials:

  1. Go to the API community client list.

  2. Locate the new Client ID (client_id value) in the list.

  3. Click generate password.

  4. Click save.

  5. Copy and record the new password (client_secret).

    Important: This value will never be shown again after the screen refreshes. Be sure secure it.

You can now use the client ID and secret to access the APIs.

Auth code

Auth code is a short lived token used to create/exchange an access token (access_token).

To obtain an auth code (auth_code) make a POST request to

https://{Ideas-API-Host}/v2/auth/code

with form parameters

  • client_id={client_id}
  • client_secret={client_secret}

If you left the endpoint field empty in the access configuration, the auth_code will be returned as a result of the request, otherwise the system will make a call to the endpoint url and will pass the auth code as a url parameter.

Access token

Note: The access token expires every 24 hours. Refer to Refreshing Access Token, below, for information.

To obtain an access token (access_token) and refresh token (refresh_token), make a POST request to

https://{Ideas-API-Host}/v2/auth

with form parameters

  • auth_code={auth_code}
  • client_id={client_id}
  • client_secret={client_secret}

The response will be formatted as a JSON string and contain following data

{
    "access_token": "{access_token}"
    "refresh_token": "{refresh_token}"
}

API calls

Every API call, which needs authorisation should contain following header:

Authorization: bearer {access_token}

Refreshing Access Token

In case of access token expiration, make a POST call to

https://{Ideas-API-Host}/v2/auth/refreshtoken

with form parameter

  • refresh_token={refresh_token}

The response will contain a new access_token & refresh_token in JSON format (same as creating a new access token using access code)

Validating Access Token

When a token validation will be needed, make a POST call to

https://{Ideas-API-Host}/v2/auth/validatetoken

with parameter

  • access_token={access_token}

The response will be as following

{
    "valid": {true|false}
}