Create profile

From ePrize Developers Wiki

Revision as of 16:02, 17 March 2009

Request representation:
{profile-key}:{profile-value}
{key1}:{value1},
{key2}:{value2},
...
{keyN}:{valueN}

Response:
201 Created
Location: /v1/{apikey}/profile/{uid}
Entity body same as GET /v1/{apikey}/profile/{uid}

Response if request invalid:
400 Bad Request
Entity body describing failed validations

Response if profile with {profile-value} already exists:
405 Conflict

Invalid Request - Errors

HTTP Status: 400 Bad Request
<?xml version="1.0" encoding="UTF-8" ?>
<result ver="ePrize Web Services 1.0">
  <result>
    <errors>
      <field_errors>
        <field>
          <name>field1</name>
          <error>VALIDATION</error>
        </field>
        <field>
          <name>field2</name>
          <error>NULL</error>
        </field>
        ...
        <field>
          <name>fieldN</name>
          <error>NULL</error>
        </field>
      </field_errors>
    </errors>
  </result>
  <status>1</status>
</result>

Promotion is configured with one unique {profile-key} such as email, user_name, or mobile_phone. At a minimum, the profile must have a {profile-value} for this key and {profile-value} must be unique within the promotion.

Additional key:value pairs may be submitted. The {apikey} may enforce rules on these pairs such as required vs optional, size limits and validation. Common examples of other keys are address, birthdate and optin. The name of a key must begin with a letter and consist of only lowercase ASCII letters, numbers and underscores.

Typically the {apikey} will be configured to require a CAPTCHA challenge/response in the request headers of an untrusted create profile request. A failed CAPTCHA is the same as a failed validation, resulting in a response of 400 Bad Request.

This URL is an entry point. It may be easily attacked because valid URLs are easy to guess. CAPTCHA protects against automated attacks.