Download OpenAPI specification:
Welcome to Synerise API Reference! We hope that you'll enjoy your stay here.
If you need help with our services, feel free to contact us at support@synerise.com.
Authenticate as a User.
Note: To perform operations within a Workspace, you must select a Workspace.
| username required | string The login (email address) of the user |
| password required | string The user's password |
| deviceId | string Identifier of user's current device |
| externalProviderToken | string |
| externalProviderType | string Value: "GOOGLE" |
{- "username": "string",
- "password": "string",
- "deviceId": "string",
- "externalProviderToken": "string",
- "externalProviderType": "GOOGLE"
}{- "consumer": {
- "type": "USER",
- "businessProfileId": 0,
- "name": "string",
- "id": 0,
- "authorities": [
- "string"
], - "roles": "string"
}, - "token": "string"
}Authenticate as a User with multi-factor authentication.
Note: To perform operations within a Workspace, you must select a Workspace.
API consumer who can use this method: Synerise User
This method is available to all authenticated users, before and after multi-factor authentication is confirmed.
| mfaType required | string Enum: "TOTP_AUTHENTICATOR" "EMAIL" Type of multi-factor authentication |
| verificationCode required | string Multi-factor verification code |
| deviceId | string |
| externalProviderToken | string |
| externalProviderType | string Value: "GOOGLE" |
{- "verificationCode": "string",
- "deviceId": "string",
- "externalProviderToken": "string",
- "externalProviderType": "GOOGLE"
}{- "consumer": {
- "type": "USER",
- "businessProfileId": 0,
- "name": "string",
- "id": 0,
- "authorities": [
- "string"
], - "roles": "string"
}, - "token": "string"
}After logging in as a User, select a Workspace where you want to perform operations.
API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).
| businessProfileUUID required | string <uuid> UUID of the workspace |
curl --request POST \ --url https://api.synerise.com/uauth/auth/login/user/profile/%7BbusinessProfileUUID%7D \ --header 'Authorization: Bearer REPLACE_BEARER_TOKEN'
{- "consumer": {
- "type": "USER",
- "businessProfileId": 0,
- "name": "string",
- "id": 0,
- "authorities": [
- "string"
], - "roles": "string"
}, - "token": "string"
}Retrieve a list of Workspaces available to the user.
API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).
curl --request GET \ --url https://api.synerise.com/uauth/business-profile/ \ --header 'Authorization: Bearer REPLACE_BEARER_TOKEN'
[- {
- "businessProfileGuid": "string",
- "logo": "string",
- "name": "string",
- "id": 0,
- "created": "2019-08-24T14:15:22Z",
- "subdomain": "string",
- "ipRestricted": true,
- "mfaRequired": true
}
]Retrieve a list of workspace ids available to the user, with added user-specific data
API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).
curl --request GET \ --url https://api.synerise.com/uauth/business-profile/ids \ --header 'Authorization: Bearer REPLACE_BEARER_TOKEN'
[- {
- "id": 0,
- "ipRestriction": "OFF",
- "mfaRestriction": "OFF",
- "favorite": true
}
]Retrieve information about the currently selected workspace.
API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).
curl --request GET \ --url https://api.synerise.com/uauth/business-profile/current \ --header 'Authorization: Bearer REPLACE_BEARER_TOKEN'
{- "selected": true,
- "data": {
- "id": 0,
- "name": "string",
- "logo": "string",
- "businessProfileGuid": "string",
- "created": "2019-08-24T14:15:22Z",
- "subdomain": "string",
- "ipRestriction": "OFF",
- "mfaRestriction": "OFF",
- "labels": [
- "string"
], - "emailAttributeName": "string"
}
}Obtain a new Workspace JWT Token.
| apiKey required | string Workspace API key WARNING: Workspace API keys can be used to access all customer data and manage the workspace. They should only be used for server-to-server communication in integrations. DO NOT use workspace API keys in your mobile applications or websites. |
{- "apiKey": "64c09614-1b2a-42f7-804d-f647243eb1ab"
}{- "token": "string"
}Retrieve a refreshed JWT Token to prolong the session.
The current token must still be active at the time of the request.
API consumers who can use this method: Profile (formerly client), Anonymous profile (formerly client)
This method does not require authentication.
| apiKey required | string Profile (formerly "Client") API key |
{- "apiKey": "string"
}{- "token": "string",
- "expiration": 1649283173,
- "created": 1649277173668,
- "origin": "SYNERISE",
- "customId": "card123",
- "realm": "client"
}Obtain a new JWT for a Profile. If an account for the Profile does not exist and the identityProvider is different than SYNERISE, this request creates an account.
| apiKey required | string Profile (formerly "Client") API key |
| identityProvider required | string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider. |
| identityProviderToken | string Third-party authentication token used to authenticate with the Identity Provider. Required if |
string Profile email. Required if | |
| customId | any Profile customId. Required if |
| password | string Profile password. Required if |
| uuid | string Profile UUID. Required if |
| deviceId | string Unique Android or iOS device ID. We recommend sending this attribute every time, to assign a web push registration to the device. Required when any form of unknown device control is enabled. |
object Marketing agreements of the Profile. You can also pass the values as strings ( | |
object Custom attributes (with any names) WARNING: Some attributes cannot be sent in this object and will be ignored. Some of these are reserved for system use, and others must be sent as properties of the profile in the root object of the request body instead of inside the Click to expand the list of reserved attributesemailidclientIdphonecustomIduuidfirstNamelastNamedisplayNamecompanyaddresscityprovincezipCodecountryCodebirthDatesexavatarUrlanonymousagreementstagsbusinessProfileIdtimeipsourcenewsletter_agreementcustom_identifyfirstnamelastnamecreatedupdatedlast_activity_datebirthdateexternal_avatar_urldisplaynamereceive_smsesreceive_push_messagesreceive_webpush_messagesreceive_btooth_messagesreceive_rfid_messagesreceive_wifi_messageszipCodeanonymous_typecountry_idgeo_loc_countrygeo_loc_ispgeo_loc_latgeo_loc_lonclub_card_idtypeconfirmedfacebookIddeletedAtdeleted_uniquestatusrecognizedprevious_clientstestProfileapikeyapiKeyApiKeyApikeytrackersnr_sdk_versioneventCreateTimecorrelationId
| |
| tags | Array of strings Tags can be used to group Profile accounts. |
{- "apiKey": "string",
- "identityProvider": "SYNERISE",
- "identityProviderToken": "string",
- "email": "string",
- "customId": null,
- "password": "string",
- "uuid": "string",
- "deviceId": "string",
- "agreements": {
- "email": true,
- "sms": true,
- "push": true,
- "bluetooth": false,
- "rfid": false,
- "wifi": false
}, - "attributes": {
- "property1": null,
- "property2": null
}, - "tags": [
- "string"
]
}{- "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}Obtain a new JWT for a Profile. This method is designed to be used from a backend server that handles login requests and communicates with Synerise to execute them.
If an account for the Profile does not exist and the identityProvider is different than SYNERISE, this request creates an account.
API consumer who can use this method: Workspace (formerly Business Profile)
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SERVER_LOGIN_CLIENT_CREATE
| ipAddress required | string The IP address of the client device that is logging in. |
| apiKey required | string Profile (formerly "Client") API key |
| identityProvider required | string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider. |
| identityProviderToken | string Third-party authentication token used to authenticate with the Identity Provider. Required if |
string Profile email. Required if | |
| customId | any Profile customId. Required if |
| password | string Profile password. Required if |
| uuid | string Profile UUID. Required if |
| deviceId | string Unique Android or iOS device ID. We recommend sending this attribute every time, to assign a web push registration to the device. Required when any form of unknown device control is enabled. |
object Marketing agreements of the Profile. You can also pass the values as strings ( | |
object Custom attributes (with any names) WARNING: Some attributes cannot be sent in this object and will be ignored. Some of these are reserved for system use, and others must be sent as properties of the profile in the root object of the request body instead of inside the Click to expand the list of reserved attributesemailidclientIdphonecustomIduuidfirstNamelastNamedisplayNamecompanyaddresscityprovincezipCodecountryCodebirthDatesexavatarUrlanonymousagreementstagsbusinessProfileIdtimeipsourcenewsletter_agreementcustom_identifyfirstnamelastnamecreatedupdatedlast_activity_datebirthdateexternal_avatar_urldisplaynamereceive_smsesreceive_push_messagesreceive_webpush_messagesreceive_btooth_messagesreceive_rfid_messagesreceive_wifi_messageszipCodeanonymous_typecountry_idgeo_loc_countrygeo_loc_ispgeo_loc_latgeo_loc_lonclub_card_idtypeconfirmedfacebookIddeletedAtdeleted_uniquestatusrecognizedprevious_clientstestProfileapikeyapiKeyApiKeyApikeytrackersnr_sdk_versioneventCreateTimecorrelationId
| |
| tags | Array of strings Tags can be used to group Profile accounts. |
{- "ipAddress": "string",
- "apiKey": "string",
- "identityProvider": "SYNERISE",
- "identityProviderToken": "string",
- "email": "string",
- "customId": null,
- "password": "string",
- "uuid": "string",
- "deviceId": "string",
- "agreements": {
- "email": true,
- "sms": true,
- "push": true,
- "bluetooth": false,
- "rfid": false,
- "wifi": false
}, - "attributes": {
- "property1": null,
- "property2": null
}, - "tags": [
- "string"
]
}{- "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}Obtain a new JWT token for a Profile.
If the account does not exist, an account is not created.
If any additional conditions are required for logging in, the response is HTTP200 and lists the conditions.
Note that using this endpoint requires authenticating as an anonymous Profile first.
This method does not require authentication.
| apiKey required | string Profile (formerly "Client") API key |
| identityProvider required | string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider. |
| identityProviderToken | string Third-party authentication token used to authenticate with the Identity Provider. Required if |
string Profile email. Required if | |
| customId | any Profile customId. Required if |
| password | string Profile password. Required if |
| uuid | string Profile UUID. Required if |
| deviceId | string Unique Android or iOS device ID. We recommend sending this attribute every time, to assign a web push registration to the device. Required when any form of unknown device control is enabled. |
object Marketing agreements of the Profile. You can also pass the values as strings ( | |
object Custom attributes (with any names) WARNING: Some attributes cannot be sent in this object and will be ignored. Some of these are reserved for system use, and others must be sent as properties of the profile in the root object of the request body instead of inside the Click to expand the list of reserved attributesemailidclientIdphonecustomIduuidfirstNamelastNamedisplayNamecompanyaddresscityprovincezipCodecountryCodebirthDatesexavatarUrlanonymousagreementstagsbusinessProfileIdtimeipsourcenewsletter_agreementcustom_identifyfirstnamelastnamecreatedupdatedlast_activity_datebirthdateexternal_avatar_urldisplaynamereceive_smsesreceive_push_messagesreceive_webpush_messagesreceive_btooth_messagesreceive_rfid_messagesreceive_wifi_messageszipCodeanonymous_typecountry_idgeo_loc_countrygeo_loc_ispgeo_loc_latgeo_loc_lonclub_card_idtypeconfirmedfacebookIddeletedAtdeleted_uniquestatusrecognizedprevious_clientstestProfileapikeyapiKeyApiKeyApikeytrackersnr_sdk_versioneventCreateTimecorrelationId
| |
| tags | Array of strings Tags can be used to group Profile accounts. |
{- "apiKey": "string",
- "identityProvider": "SYNERISE",
- "identityProviderToken": "string",
- "email": "string",
- "customId": null,
- "password": "string",
- "uuid": "string",
- "deviceId": "string",
- "agreements": {
- "email": true,
- "sms": true,
- "push": true,
- "bluetooth": false,
- "rfid": false,
- "wifi": false
}, - "attributes": {
- "property1": null,
- "property2": null
}, - "tags": [
- "string"
]
}{- "conditions": [
- "string"
], - "status": "SUCCESS",
- "token": "string",
- "expiration": 1649283173,
- "created": 1649277173668,
- "origin": "SYNERISE",
- "customId": "card123",
- "realm": "client"
}Obtain a new JWT for an anonymous Profile. The token can be used and refreshed in the same way as tokens of registered Profiles.
| apiKey required | string Profile (formerly "Client") API key |
| uuid required | string UUID of the Profile |
| deviceId | string Unique iOS or Android device identifier. |
{- "apiKey": "string",
- "uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
- "deviceId": "string"
}{- "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}Retrieve the number of new events (events added to the database on a particular day), listed by day. You can limit the metric to particular workspaces and event types (actions).
API consumers who can use this method: Synerise User, Organization (contact Synerise Support for access)
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).
| from required | string First day to retrieve, in |
| to required | string Last day to retrieve, in |
| actions | Array of strings You can limit the events added to the report. Without this parameter, all events are included. |
| bpGuids | Array of strings <uuid> [ items <uuid > ] You can limit the workspaces added to the report. Without this parameter, all workspaces in the organization are included. |
{- "from": "2025-05-29",
- "to": "2025-05-30",
- "actions": [
- "page.visit"
], - "bpGuids": [
- "34eea35e-3ac4-44f4-95b5-fd00a3b45eff"
]
}[- {
- "dailyUsageStatistics": {
- "day": "2019-08-24",
- "events": {
- "property1": 0,
- "property2": 0
}, - "other": 0,
- "total": 0
}, - "eventsTotal": {
- "property1": 0,
- "property2": 0
}, - "totalAll": 0,
- "totalOther": 0
}
]Retrieve the number of events kept in the database, listed by day. This includes events saved in the past, which currently exist in the database according to their retention period.
You can limit the metric to particular workspaces and event types (actions).
API consumers who can use this method: Synerise User, Organization (contact Synerise Support for access)
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).
| from required | string First day to retrieve, in |
| to required | string Last day to retrieve, in |
| actions | Array of strings You can limit the events added to the report. Without this parameter, all events are included. |
| bpGuids | Array of strings <uuid> [ items <uuid > ] You can limit the workspaces added to the report. Without this parameter, all workspaces in the organization are included. |
{- "from": "2025-05-29",
- "to": "2025-05-30",
- "actions": [
- "page.visit"
], - "bpGuids": [
- "34eea35e-3ac4-44f4-95b5-fd00a3b45eff"
]
}{- "dailyUsageStatistics": {
- "day": "2019-08-24",
- "events": {
- "property1": 0,
- "property2": 0
}, - "other": 0,
- "total": 0
}, - "eventsAverage": {
- "property1": 0,
- "property2": 0
}, - "averageAll": 0,
- "averageOther": 0
}