API Reference
The accesso Guest Experience platform APIs are designed to allow you to build web and mobile applications, wearable devices, and consumer-facing screens that can deliver real-time personalized experiences to users.
accesso's APIs are organized around REST. The APIs have predictable resource-oriented URLs that return JSON-encoded responses and use standard HTTP response codes, authentication, and verbs. The Guest Experience platform was formerly known as TE2 (The Experience Engine), which is why you might see TE2 referenced in various documentation (example responses, etc.).Authentication
accesso APIs use OAuth2 Bearer tokens to authenticate requests. Contact your assigned accesso Client Engagement Manager to obtain an API key and token-generation instructions.Your API credentials carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
Authentication to APIs is performed via HTTP Basic Auth. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. In most cases, API requests without authentication will also fail.
Errors
accesso uses conventional HTTP response codes to indicate the success or failure of an API request. In general:- Codes in the 2xx range indicate success.
- Codes in the 3xx range indicate redirection often used for caching purposes.
- Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, an order failed, etc.).
- Codes in the 5xx range indicate an error with accesso's services.
check_circle
Tip: Some 4xx errors that could be handled programmatically include an error code that briefly explains the error reported.
| HTTP status code summary | |
|---|---|
| 200 - OK | Everything worked as expected. |
| 304 - Not Modified | A redirection response to indicate no need to retransmit the requested resource. |
| 400 - Bad Request | The request was unacceptable, often due to missing a required parameter. |
| 401 - Unauthorized | No valid security credentials provided. |
| 404 - Not Found | The requested resource doesn't exist. |
| 500 - Server Error | Something went wrong on accesso's end. |
Idempotent Requests
accesso APIs support idempotency for safely retrying requests without accidentally performing the same operation twice. This is useful when an API call is disrupted in transit and you do not receive a response. For example, if a request to create an order does not respond due to a network connection error, you can retry the request and guarantee that no more than one order is created. Results are only saved if an API endpoint started executing. If incoming parameters failed validation, or the request conflicted with another that was executing concurrently, no idempotent result is saved because no API endpoint began execution. It is safe to retry these requests.Idempotent keys and headers are not supported at this time.