Award token

From ePrize Developers Wiki

Revision as of 18:32, 6 April 2011 (edit) Wikiadmin (Talk | contribs) ← Previous diff		Revision as of 18:33, 6 April 2011 (edit) (undo) Wikiadmin (Talk | contribs) Next diff →
Line 13:		Line 13:
	|title=Successfully Awarding a Token		|title=Successfully Awarding a Token
	|summary=This demonstrates successfully awarding a token to a user.		|summary=This demonstrates successfully awarding a token to a user.
-	|request=profile: http://{client}.api.promo.eprize.com/v1/{apikey}/profile/{uid}	+	|request=profile: http://{client}.api.promo.eprize.com/v1/{apikey}/profile/{uid}.{webkey}
	|responsecode=201 Created		|responsecode=201 Created
	|responseloc=/v1/{apikey}/game/{game}/token/{token}		|responseloc=/v1/{apikey}/game/{game}/token/{token}

---

Revision as of 18:33, 6 April 2011

API Home Page :: Games and Awards

Summary

Award the profile a token. A token is redeemed during an instant win play. The instant win game cannot be played without a valid token.

Resource

/v1/{apikey}/game/{gameid}/tokens

Valid Methods

POST

Resource Arguments

Note: resource arguments are always required.

apikey: Your API Key.

gameId: Game Identifier for the Sweepstakes into which the entry will be awarded. (A constant value provided to you by ePrize)

Parameters Required

profile: Canonical Location of a user profile. See: Fetch Profile by Key.

Example: Successfully Awarding a Token

Summary

This demonstrates successfully awarding a token to a user.

Request

profile: http://{client}.api.promo.eprize.com/v1/{apikey}/profile/{uid}.{webkey}

Response

HTTP Status Code: 201 Created

HTTP Redirect Location: /v1/{apikey}/game/{game}/token/{token}

<?xml version="1.0" encoding="UTF-8" ?>
<result ver="1.0">
  <token>
    <id>{token}</id>
    <profile>{profile}</profile>
    <game>{game}</game>
    <redeemed>false</redeemed>
  </token>
</result>

Notes

The {profile} value that is seen in the request and response of this call is the canonical URL of the profile that the token should be awarded to.

This URL can be easily attacked by the owner of a profile because the owner knows his own canonical profile URL. Award limits create an upper bound on the attack damage.

Example: Awarding Token to Invalid Profile

Summary

This demonstrates attempting to award a token to a profile resource that doesn't exist.

Request

profile: foo

Response

HTTP Status Code: 400 Bad Request

<?xml version="1.0" encoding="UTF-8"?>
<result ver="1.0">
  <reason>Unable to validate the provided profile.</reason>
  <status>0</status>
</result>

Example: Awarding Token to a Limited Profile

Summary

This demonstrates attempting to overaward tokens to a user. For example, the promotion is setup to give out 3 tokens per day per user, and this would be a users 4th attempt in one day.

Response

HTTP Status Code: 403 Forbidden

<?xml version="1.0" encoding="UTF-8"?>
<result ver="1.0">
</result>