Skip to main content
All routes under /integrations/* are HMAC-authenticated. Full request/response schemas with try-it-out controls are in the API Reference tab.

Endpoints at a glance

POST /integrations/users

Idempotently creates or updates a user keyed by (partner_id, externalUserId). If the user was previously anonymised, this call revives the row and clears anonymizedAt. PII fields that are omitted are left unchanged. Passing an explicit null clears them. Headers
  • x-partner-slug
  • x-signature
  • content-type: application/json
Body Responses

DELETE /integrations/users/{externalUserId}

Soft-deletes the user: clears email/displayName/phone/countryCode/locale and stamps anonymizedAt. Redemption and claim history is preserved for audit and reporting. A subsequent POST /integrations/users with the same externalUserId revives the row and re-populates the PII. Headers — same as above. The body is empty; sign the empty string: hmac_sha256(secret, "${timestamp}."). Responses