The Medallia Ideas API

Medallia Ideas API uses OAuth 2.0 protocol for authentication and authorization.

Before using the API, you must:
  • Have a full and validated account.
  • Register to receive a client ID and client secret, which you will then use to make requests.

Obtaining a client ID and secret

To register for using the APIs:

  1. Login to the desktop version.

  2. Go to your profile: click the user icon in the top right > "Go to profile".

  3. Choose API from the profile menu bar.

    The API community client list appears showing your existing API clients and API requests appears, both of which will be empty if this is your first API request.

  4. Apply for an API client account: click Apply for a new API client.

    In the form that appears, describe your project and reason for using the API.

  5. Click Apply.

A community administrator will review the request to create your credentials.

Tip: Community administrators can click the API option in the grey "Crowd Management" menu to display a list of current requests.

To review and obtain your credentials:

  1. Go to the API community client list.

  2. Locate the new Client ID (client_id value) in the list.

  3. Click generate password.

  4. Click save.

  5. Copy and record the new password (client_secret).

    Important: This value will never be shown again after the screen refreshes. Be sure secure it.

You can now use the client ID and secret to access the APIs.

Auth code

Auth code is a short lived token, used to create/exchange an access token (access_token).

To obtain an auth code (auth_code) make a POST request to

https://api.crowdicity.com/v2/auth/code

with form parameters

  • client_id={client_id}
  • client_secret={client_secret}

If you left the endpoint field empty in the access configuration, the auth_code will be returned as a result of the request, otherwise the system will make a call to the endpoint url and will pass the auth code as a url parameter.

Access token

Note: The access token expires every 24 hours. Refer to Refreshing Access Token, below, for information.

To obtain an access token (access_token) and refresh token (refresh_token), make a POST request to

https://api.crowdicity.com/v2/auth

with form parameters

  • auth_code={auth_code}
  • client_id={client_id}
  • client_secret={client_secret}

The response will be formatted as a JSON string and contain following data

{ "access_token": "{access_token}" "refresh_token": "{refresh_token}" }

API calls

Every API call, which needs authorisation should contain following header:

Authorization: bearer {access_token}

Refreshing Access Token

In case of access token expiration, make a POST call to

https://api.crowdicity.com/v2/auth/refreshtoken

with form parameter

  • refresh_token={refresh_token}

The response will contain a new access_token & refresh_token in JSON format (same as creating a new access token using access code)

Validating Access Token

When a token validation will be needed, make a POST call to

https://api.crowdicity.com/v2/auth/validatetoken

with parameter

  • access_token={access_token}

The response will be as following

{ "valid": {true|false} }

API Reference

The API reference is available here: https://api.crowdicity.com/doc

Regional URLs

Verify that you use the correct URL when calling the API.

RegionURL
AUhttps://api.crowdicity.com.au/v2/
EU (Ireland)https://api.crowdicity-ie1.medallia.com/v2/
UKhttps://api.crowdicity.com/v2/
UShttps://api.crowdicity-us1.medallia.com/v2/

The endpoints remain the same. For example, a community in US region uses the following URLs:

Auth codehttps://api.crowdicity-us1.medallia.com/v2/auth/code
Access tokenhttps://api.crowdicity-us1.medallia.com/v2/auth
API callshttps://api.crowdicity-us1.medallia.com/v2/{endpoint}