Guides
For Publishers
Start typing to search…

Get Started: Partner Integration

This guide will help you quickly understand your integration options, how to access and authenticate with our systems, and how to set up a sandbox environment for development and testing.

1. Integration Options

We offer two primary ways to ingest merchant and offer data into the Cardlytics platform:

A. [recommended] REST API

  • Recommended integration path due to full coverage of our entire integration endpoints, real-time data transfer, ease of use, and robust error handling.
  • Integrate directly with our endpoints using HTTP requests.
  • Supports immediate data updates and validation responses.
  • Supports our entire suite of integration endpoints (Merchant Ingestion, Offer Ingestion, Redemption Feed, and Performance Reporting)

B. [alternate, less preferred] SFTP (Secure File Transfer Protocol)

  • Limited support but may be better suited for partners with large daily data volumes changes, batch processing needs, or already established file-based workflows.
  • Upload JSON files on a scheduled or ad-hoc basis.
  • Ideal for periodic or bulk data transfers.
  • **Only covers a portion of our integration limited to Merchant Ingestion, Offer Ingestion, and Redemption Feed.
  • **Not recommended for partners leveraging our Performance Reporting as that is only offered via our REST API

Note:
Both REST API and SFTP use the same JSON schema for data formatting, ensuring consistency regardless of your chosen method. You may use either approach or a combination of both, but we recommend selecting a single primary integration path for simplicity and maintainability.

2. Access & Authentication

Your data security is our priority. Here’s how access and authentication work for each integration type:

Integration TypeAuthentication MethodAuthorization Controls
REST APIOAuth 2.0 (client credentials)Unique client IDs/secrets, access tokens, possible IP restrictions, API scopes
SFTPSSH Key AuthenticationUnique username, registered public key, allowed IPs, directory permissions

Summary:

  • REST API:
    • Secured with OAuth 2.0 client credentials flow.
    • You’ll receive a unique client ID and secret.
    • Access tokens are issued after successful authentication.
    • Additional controls: API scopes, optional IP allow listing.
  • SFTP:
    • Secured with SSH key authentication.
    • Each partner receives a unique username and a private SSH key (shared using PGP encryption).
    • Access will be restricted by source IP and directory permissions.

3. Set Up a Sandbox for Testing

Before integrating with our production systems, we strongly encourage you to use our sandbox environment. This allows you to test, explore, and validate your integration in a safe, isolated setting.

Need Help?

  • Developer Documentation: Comprehensive API references and SFTP guides are available in our API Reference and Integration Process respectively.
  • Support: Your account manager and technical team are here to help with onboarding, troubleshooting, and best practices.

Ready to get started?

Contact your Cardlytics representative to begin your integration journey today!

Updated 5 days ago

What’s Next