Medallia Ideas API
Programmatically accessing and editing community information.
The Medallia Ideas API enables applications to exchange data with the Medallia Ideas system without using the user interface. Developers can leverage the API to make community content accessible across platforms and audiences. The API operates through existing or new user accounts, inheriting their access rights, and mimics browser-based user actions.
Access to the API must be requested through a user account and approved by community admins. It can be revoked at any time, ensuring that access to community data is always under the control of admins.
With the Medallia Ideas API you can:
Retrieve information about challenges
Fetch lists of ideas from challenges
Get detailed voting and comment information for individual ideas
Retrieve visible user profile information
Create posts, comments and votes on behalf of the account through which the API is accessing the community
Common uses of the API include:
Retrieving ideas for analysis in another system
Showing latest ideas on a different platform or in a different format, such as an intranet
Creating a dynamic challenge list so users can visit them directly from another platform
Automatically post ideas based on another factor such as a daily schedule, to inspire discussion each day
Before using the API, you must:
Know which API host to use when making an API call
Have a full and validated account.
Register to receive a client ID and client secret, which you will then use to make requests.
API Hosts
To make a API call, use the region-specific Host URL appropriate for your Medallia Ideas community instance.
Region | Host URL |
---|---|
AU | https://api-0.ideas.medallia.com.au/v2 |
EU | https://api-0.ideas.fra1.medallia.eu/v2 |
UK | https://api-0.ideas.lon.medallia.eu/v2 |
US | https://api-0.ideas.smf1.medallia.com/v2 |
For example, a US community uses the following URLs:
Action | U.S.Endpoint |
---|---|
Auth code | https://api-0.ideas.smf1.medallia.com/v2/auth/code?client_id={client_id}&client_secret={client_secret} |
Access token | https://api-0.ideas.smf1.medallia.com/v2/auth |
API calls | https://api-0.ideas.smf1.medallia.com/v2/{endpoint} |
API Documentation
The API endpoints are described in detail in the API reference guide, which can be accessed via any of these regional links.
Obtaining a client ID and secret
Medallia Ideas API uses OAuth 2.0 protocol for authentication and authorization.
To register for using the APIs:
Login to the desktop version.
Go to your profile: click the user icon in the top right > "Go to profile".
Choose API from the profile menu bar.
The API community client list appears showing your existing API clients and API requests appears, both of which will be empty if this is your first API request.
Apply for an API client account: click Apply for a new API client.
In the form that appears, describe your project and reason for using the API.
Click Apply.
A community administrator will review the request to create your credentials.
To review and obtain your credentials:
Go to the API community client list.
Locate the new Client ID (client_id value) in the list.
Click generate password.
Click save.
Copy and record the new password (client_secret).
Important: This value will never be shown again after the screen refreshes. Be sure secure it.
You can now use the client ID and secret to access the APIs.
Auth code
Auth code is a short lived token used to create/exchange an access token (access_token).
To obtain an auth code (auth_code) make a POST request to
https://{Ideas-API-Host}/v2/auth/code
with form parameters
client_id={client_id}
client_secret={client_secret}
If you left the endpoint field empty in the access configuration, the auth_code will be returned as a result of the request, otherwise the system will make a call to the endpoint url and will pass the auth code as a url parameter.
Access token
To obtain an access token (access_token) and refresh token (refresh_token), make a POST request to
https://{Ideas-API-Host}/v2/auth
with form parameters
auth_code={auth_code}
client_id={client_id}
client_secret={client_secret}
The response will be formatted as a JSON string and contain following data
{
"access_token": "{access_token}"
"refresh_token": "{refresh_token}"
}
API calls
Every API call, which needs authorisation should contain following header:
Authorization: bearer {access_token}
Refreshing Access Token
In case of access token expiration, make a POST call to
https://{Ideas-API-Host}/v2/auth/refreshtoken
with form parameter
refresh_token={refresh_token}
The response will contain a new access_token & refresh_token in JSON format (same as creating a new access token using access code)
Validating Access Token
When a token validation will be needed, make a POST call to
https://{Ideas-API-Host}/v2/auth/validatetoken
with parameter
access_token={access_token}
The response will be as following
{
"valid": {true|false}
}