/integrations/* are HMAC-authenticated. Full
request/response schemas with try-it-out controls are in the
API Reference tab.
Endpoints at a glance
POST /integrations/users
Idempotently creates or updates a user keyed by (partner_id, externalUserId).
If the user was previously anonymised, this call revives the row and
clears anonymizedAt.
PII fields that are omitted are left unchanged. Passing an explicit
null clears them.
Headers
x-partner-slugx-signaturecontent-type: application/json
Responses
DELETE /integrations/users/{externalUserId}
Soft-deletes the user: clears email/displayName/phone/countryCode/locale and
stamps anonymizedAt. Redemption and claim history is preserved for
audit and reporting.
A subsequent POST /integrations/users with the same externalUserId
revives the row and re-populates the PII.
Headers — same as above. The body is empty; sign the empty string:
hmac_sha256(secret, "${timestamp}.").
Responses