Skip to content

Sandbox API QuickStart Guide

To quickly learn, explore and test Cardlytics Platform APIs, we provide developers with a sandbox environment.

Using the sandbox, coupled with our developer documentation, you'll gain a foundational understanding of how to write to the Cardlytics APIs before you begin full product development and integration with our platform.

Prerequisites

As a Cardlytics partner, you first need to reach out to your assigned account manager or integration consultant. That person will work with you and the Cardlytics Platform Support team to provision access to the Sandbox.

Setup

Access to the secure sandbox environment is provided via a private key. To enable access, you'll need to request a signed certificate from Cardlytics.

Alternatively, a single signed client certificate can be centrally shared among multiple developers in a single partner environment.

How a Secure Connection Works

The process works as follows:

  1. You generate a Certificate Signing Request (CSR) and send it to CDLX.
  2. CDLX accepts and signs the CSR and generates a key.
  3. The key is then sent to you for installation.

Generating a CSR

First, check if you have openssl installed on your computer. Most developers will already have this installed. If not, you can download it from Openssl.

Openssl version

LibreSSL 3.3.6

Next, create a local client certificate using openssl. In some environments, you may need to use double quotes instead of single quotes for the subject field. For example:

openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj "/C=US/ST=CA/O=Publisher/CN=api-test-sandbox"

Generating a 4096 bit RSA private key ..................................................................................................................................................++++ ....................................................++++ writing new private key to 'client.key' -----

  1. Once you run this, you'll see two files in the same directory in which you executed the command: client.csr and client.key.

  2. Send the client.csr file to your Cardlytics contact and save the client.key locally. You will need to use the client.key later.

  3. Your Cardlytics contact will send back a signed client certificate file by the name client.crt. Store this file along with your client.key file.

Now you're all set and ready to start using the sandbox.

Endpoint Testing

To verify that connectivity has been correctly established, trigger the following request into the appropriate endpoint for your region:

Region endpoints

US: https://pub-api-us.sandbox.cardlytics.com

UK:https://pub-api-eu.sandbox.cardlytics.com

Test request

curl https://pub-api-eu.sandbox.cardlytics.com/v2/session/startSession --cert client.crt --key client.key -H "Content-Type: application/json" -d '{ "scopes": ["api:institution"] }'

{"sessionToken":"eyJrZXlWZXJzaW9uSWQiOjEsImluc3RpdHV0aW9uSWQiOjk5OTgsInAyYyI6MTIwMDAwLCJwMnMiOiI0SmJtd3pWZXNsYVRybzhiMEg0R1BSYnhkQXVmTTdwSHFDaHZwZ2JKM3lqMThGbVRXNUdVWTdUMDJ1VW1Ock9Ga05IXzFUMlJhMFJOXzRkQ3dSdHpzZyIsImFsZyI6IlBCRVMyLUhTNTEyK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00ifQ.THLE8XwVLb3bDK1_FVfDoqx_h6L-WKvwrjo4RaI03WVJYN5D_uDBOg.Ibfc6J0c6X6wTBAN.xay7l846Im2Q8y34g1WKj-WnIbaUA00BT-ja2cPYz5YK8-CtbDUvTD37fAx-TDb_CBK_kcEkuOKgG7gqNRB5DrKXDJ_n8DrvFdY8kjSRYnLZiSqsiQ.Fgr4VfYvvR4tiBYDpCUjkw"}

Troubleshooting

If another output is returned, you should cut and paste your command and output, and then share that with your Cardlytics contact in order to fix errors and troubleshoot any issues.