Introduction

From here on, this document uses https://example.com/api/odyssey/ as the example base URL

This document describes a specification for a generic API that exposes clickstream data about converted customer journeys. If your API follows this spec, you can create an Odyssey account which uses the data your API exposes.

A Swagger specification of this document is also available in both JSON and YAML formats.

Authorization

# Switch the language above to see an example of how to validate Odyssey requests in your API
export KEY = 'kqvtKkut8l50IKHBOYuWAS8G1MCgWqLuNZV0fKua'

<?php
$msg = 'https://example.com/api/odyssey/' . $_SERVER['REQUEST_URI'];
$key = 'kqvtKkut8l50IKHBOYuWAS8G1MCgWqLuNZV0fKua';
$calculated_hmac = hash_hmac('sha256', $msg, $key);
if ($sig !== $calculated_hmac) {
    http_response_code(401);
    die('Unauthorized');
}

<?php
class OdysseyAuthentication {
    public function handle(Request $request, Closure $next) {
        $sig = $request->header('X-Odyssey-Signature');

        $data = $request->fullUrl();
        $calculated_hmac = hash_hmac('sha256', $data, config('services.odyssey.key'));

        if ($sig === $calculated_hmac) {
            return $next($request);
        } else {
            return response('Unauthorized', 401);
        }
    }
}

class APIAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        key = 'kqvtKkut8l50IKHBOYuWAS8G1MCgWqLuNZV0fKua'

        msg = request.build_absolute_uri()
        sig = request.META.get('HTTP_X_ODYSSEY_SIGNATURE', '')

        calculated_hmac = hmac.new(
            key,
            msg=msg,
            digestmod=hashlib.sha256
        ).hexdigest()

        if calculated_hmac != sig:
            raise exceptions.AuthenticationFailed('Invalid API signature')

        return None

var crypto = require("crypto");

app.use(function(req, res, next) {
    var key = "kqvtKkut8l50IKHBOYuWAS8G1MCgWqLuNZV0fKua";

    var msg = req.protocol + '://' + req.get('host') + req.originalUrl;
    var sig = req.header("X-Odyssey-Signature");

    var calculated_hmac = crypto.createHmac("sha256", key).update(msg).digest("hex");

    if (sig !== calculated_hmac) {
        res.status(401).send('Unauthorized');
        return;
    }
    next();
});

class Authenticator
    def initialize(app)
        @app = app
    end

    def call(env)
        request = Rack::Request.new(env)

        key = "kqvtKkut8l50IKHBOYuWAS8G1MCgWqLuNZV0fKua"

        msg = request.url
        sig = request.get_header('X-Odyssey-Signature')

        calculated_hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), key, msg)
                                .strip()

        if calculated_hmac == sig
            @app.call(env)
        else
            Rack::Response.new([], 401, {}).finish
        end
    end
end

To make sure only Odyssey can access your data, all requests to your API will be signed with a pre-shared key. When an agency sets up a new account in the Odyssey dashboard, they enter this key.

In your API, you should verify that Odyssey sent a correct signature. The signature is created by taking the HMAC SHA256 of the full request URI. In the case of the GET /data/{day} call, the message might be https://example.com/api/odyssey/data/2017-01-01.

Odyssey sends the signature in HTTP header X-Odyssey-Signature.

Customer journeys

List journeys for all customers that have converted on a certain day

SIG = 'fdc3f7469d511293ce1b18643718963658cc86eecb9e2aae8633ff69c737db8f'
curl -H "X-Odyssey-Signature: $SIG" https://example.com/api/odyssey/data/2017-01-01

HTTP Request

GET /data/{day}

Parameters

Name	Located in	Description	Required	Type
day	path	Date where paths have been converted, in Y-m-d.	Yes	date

Response

The endpoint should return JSON that follows this format:

[
  {
    "transactionId": "as3da64234dada",
    "date": "2017-06-18",
    "transactionRevenue": 199.12,
    "events": [
      {
        "step": 1,
        "eventTime": 1497793010,
        "trafficSource": "Source",
        "channel": "Referring sites"
      }
    ]
  } 
]

Description

Code	Description
200	successful operation
404	no conversions on this date

When there is no data available for the given date, you can also return an empty array.

Conversion

Name	Type	Description
transactionId	string	The unique identifier of the translation
date	string	The date the conversion has been converted, in Y-m-d
transactionRevenue	double	The revenue generated by the conversion
events	array	Array of events, see Event

Event

Name	Type	Description
step	string	Increments for every event in conversion, the first event in an conversion should have step 1
eventTime	int	Timestamp for the start of the event
trafficSource	string	The traffic source where the event originated from
channel	string	The channel group the traffic source is associated with

Errors

Your API can return the following error codes:

Error Code	Meaning
401	Unauthorized – The given signature is incorrect.
404	Not Found – Data could not be found.
429	Too Many Requests – Odyssey is sending too many requests. We’ll use an incremental back-off strategy and try again later.
500	Internal Server Error – Your server is having issues. Odyssey will immediately stop trying to connect and mark the data collection as failed.