Passes Integrators
by CRM.COM

Passes Integrators

Introduction

The passes integration guide provides the necessary information for a third party system to integrate with CRM.COM, for the purpose of managing passes and posting purchases using a pass.

This guide covers gift and top-up passes in both printed and electronic formats, promotion passes are not within the scope of this integration guide.

Getting Started

What are passes?

A pass has carries an initial value and once redeemed the contact wallet is credited in order to use the money to pay for all or part of a purchase.

Passes can be configured to have the following attributes:

  • One of two types: Gift or Top-up
  • Available in electronic or printed format
  • Fixed or variable value
  • Validity period whereby a pass must be redeemed
  • Unique codes
  • Option to hash pass codes using the SHA-1 algorithm
  • Optional PIN to provide additional security

Wallets

CRM.COM uses the eWallet concept to manage a contact’s money, i.e. once a pass has been redeemed, the contact’s wallet is credited with the value of the pass. The wallet is then subsequently debited during each purchase until the wallet funds have been consumed.

Gift Passes

A gift pass would normally be bought and offered as a gift to another person, who, in turn uses it during a purchase as a form of payment without having to provide any personal information. Gift passes can also be purchased and used by the same person, and reloaded multiple times for continuous use.


Top-up Passes

A top-up pass is typically bought and used by a consumer to top-up their own wallet with an amount of money. The consumer must be a registered contact in CRM.COM, with some sort of identifiable personal information (e.g. phone number or email). Top-up passes are single-use only, and are no longer valid once redeemed.


Using the pass code as identification

Once redeemed the actual pass no longer has a value. However, in the case of a gift pass being used by an unknown contact, the pass code must continue to be provided when purchasing, in order to identify the contact and thus the wallet to be used.

IMPORTANT

The integration flows covered in this guide assume that the relevant pass plans have already been created for the necessary pass types. This can be accomplished via the back-end system.
Specifically:

  • For printed passes - create the pass plan and generate the passes, the passes should be in Draft state
  • For electronic passes - create the pass plan

It’s also possible to configure pass plans through APIs but this falls outside the scope if the integration guide.

API Documentation
API Reference

CRM.COM API is organized around REST. Our API has specific resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses and uses standard HTTP response codes, authentication & verbs.

You can use the entire API in test mode, which does not affect your live data. The API Key used to authenticate any of your requests will determine whether the request is on live mode or test mode.

The API may differ based on each CRM.COM release. For every new release with noticable changes that might alter backwards compatibility, a new version will be created.

API SPECIFICATION

For a detailed guideline of our APIs, you can checkout our Back-Office API specification.

Authentication

CRM.COM API uses either API Keys to authenticate requests or an authentication JWT token obtained from a user successful logging in process.

All API requests made by POS & eCommerce integrators should authenticate using an API (Secret) Key, which can be accessed and managed from the CRM.COM Dashboard.

SECURITY NOTICE

All API requests must be made over HTTPS. Any request made over plain HTTP or without authentication will fail. In addition, API Keys carry many privileges, so be sure to keep them secure! Do not share your secret API Keys in publicly accessible areas, such as GitHub or client-side code.

API KEY AUTHORIZATION HEADER EXAMPLE

curl -X $HTTP_METHOD -H "api_key: 2189341e-981e-9ad5-9912-11101670314a"
Requests

API requests should be made using the HTTPS protocol so that traffic is encrypted. The interface responds to different methods depending on the action required.

Method Usage
POST To create a new object, your request should specify the POST method. The POST request includes all of the attributes necessary to create a new object to the targeted endpoint.
PUT To update the information on an existing object, the PUT method should be used. This will update the specified object if it is found using the provided values, regardless of their current values. If it is not found, the operation will return a response indicating that the object was not found. This idempotency means that you do not have to check for a resource’s availability prior to issuing an update command, the final state will be the same regardless of its existence. Requests using the PUT method do not need to check the current attributes of the object.
DELETE To remove an existing object from your environment, the DELETE method should be used. Similar to PUT method, the DELETE method is idempotent.
GET For retrieving information about customers, purchases or orders, the GET method should be used. Any requested information will be returned as a JSON object. The attributes defined by the JSON object can be used to form additional requests. Any request using the GET method is read-only and will not affect any of the retrieved objects.
Responses

Along with the HTTP methods that the API responds to, CRM.COM uses conventional HTTP response codes and human-readable messages in JSON format to indicate the success or failure of an API request.

In the event of a problem, the status will contain the error code, while the body of the response will usually contain additional information about the problem that was encountered.

HTTP Status Description
2XX Return codes in the 200 range indicate that the request was fulfilled successfully and that no error was encountered.
4XX Return codes in the 400 range, typically, indicate that there was an issue with the request that was sent. Most common reasons could be an invalid authentication method, unauthorised requests or the object that you are requesting does not exist.
5XX Return codes in the 500 range indicate that there is a server-side problem and CRM.COM cannot fulfill your request at the moment.

Most of our 4XX range errors that could be handled programmatically contain all the necessary details for a better integration handling. Such details are

  • HTTP Status Code & Error are used for programmatic consumption
  • Message is human-readable and can be used as a default error message
  • Parameters are used for programmatic consumption and can be used for enhancing the interface error message with additional information

4XX ERROR RESPONSE EXAMPLE

An example of a customer not found error is as follows

HTTP/1.1 400 Bad Request
    {
        "status": 400,
        "message": "Record not found.",
        "error": "CRM.EXCEPTIONS.NOTFOUNDEXCEPTION",
        "parameters": [
            "contact",
            "789dacae-cf71-414f-9483-ca88acaa46432"
        ]
    }
Response Codes

Below is a list of our common HTTP response codes that can be returned.

200 OK

The request has succeeded

400 Bad Request

The input request was invalid or incorrect, often due to missing a required parameter

401 Unauthorized

The input request was invalid or incorrect, often due to missing a required parameter

403 Forbidden

The API key or Token does not have permissions to perform the request

404 Not Found

The requested resource does not exist

500 Internal Server Error

The server encountered an unexpected condition which prevented it from fulfilling the request

502 Bad Gateway

The server received an invalid response from the upstream server it accessed in attempting to fulfill the request

503 Service Unavailable

The server is currently unable to handle the request due to a temporary overloading or maintenance

504 Gateway Timeout

The server did not receive a timely response from the upstream server

Core Flows

This section covers the integration flows between CRM.COM and a third-party system for electronic & printed, gift & top-up passes. A typical flow would be:

  • Activate a pass (for printed passes)
  • Load a pass with an initial value
  • Redeem a pass
  • Purchase using wallet funds
  • View a contact’s wallet balance
Initial load of a pass

This action loads a pass with money, and is necessary only for those cases where a pass was generated without an initial value. The following steps should be performed when such a pass is purchased, and prior to being redeemed.
STEP 1 Validate a pass (and pin)
Retrieve the pass id
STEP 2 Update Pass https://speca.io/CRM/backoffice-admin#update_pass
Set the pass value		 Path variables
- id = the pass id retrieved from step 1

Request body
- initial_load = value of the gift pass

Response 200
- id = the id of the successfully updated pass
NOTES
  • This call can also be combined with the Activate a printed pass call.
  • See sample API calls by following the links in each step above.
Redeem a pass

The process for redeeming a pass differs depending on whether an electronic/printed, or gift/top-up pass is being redeemed. The final result though is the same, i.e. a contact’s wallet is credited with the value of the pass.

Before a pass is redeemed it must be in Active state and have a value.

REDEEMING A GIFT PASS FOR AN UNKNOWN CONTACT
A new, unknown contact will be created in the system using the gift pass code as the name and surname, and the contact’s wallet will be credited with the pass value. As there are no contact details relating the pass to the actual person, the new contact is identifiable only by the gift pass code. This API call would typically be used for redeeming printed gift passes.
STEP 1 Redeem Pass https://speca.io/CRM/backoffice-admin#redeem_pass
Credit the newly created contact’s wallet with the value of the pass		 Request body
- code (the pass code) OR pass_code_hash (the hashed pass code)
- pin (the pass code pin, if applicable)

Response 200
- id = the id of the pass that has been successfully redeemed

REDEEMING A TOP-UP OR GIFT PASS FOR A REGISTERED CONTACT
The contact redeeming the pass must be an existing contact in the system, once the contact has been identified, their wallet is credited with the pass value. This flow is appropriate for electronic top-up and gift passes, and also for printed top-up passes.

If a pass has been generated with a contact_id (i.e. for a specific contact), any attempt to redeem the pass for another contact will result in the pass being redeemed for the eligible contact.
STEP 1 Identify the Contact
Identify the contact and retrieve the contact id and wallet id
STEP 2 Redeem Pass https://speca.io/CRM/backoffice-admin#redeem_pass
Credit the contact’s wallet with the value of the pass		 Request body
- code (the pass code) OR pass_code_hash (the hashed pass code)
- pin (the pass code pin, if applicable)
- contact_id = the contact id retrieved from step 1
- wallet_id = the wallet id retrieved from step 1

Response 200
- id = the id of the successfully redeemed pass
NOTES
  • Each pass can only be redeemed once. Upon successful completion the pass status becomes Redeemed.
  • This flow can also be combined with the flow of purchasing a pass, or as part of the first purchase using the pass.
  • See sample API calls by following the links in each step above.
Purchase using wallet funds

This API call must to be submitted every time a contact makes a purchase with the intent of consuming wallets funds. If successfully completed, then the contact’s wallet will be debited with the spent amount.

Passes with pins
If the pass has an associated pin, then the pin must also be provided for completion of the purchase. If the pin validation is successful - the purchase event will be created and the wallet funds will be adjusted accordingly, however, if the pin validation fails - the purchase event will not be created and wallet funds will not be consumed.
STEP 1 Identify the Contact
This step is necessary if the contact is an identifiable contact (e.g. using phone, email, contact code), and can be omitted for unknown contacts using gift passes
STEP 2 Create Purchase https://speca.io/CRM/backoffice-admin#create-purchase-customer-event
Submit a purchase transaction with the intent of consuming wallets funds		 Request body
- cim (the gift pass code or gift pass hashed code) OR contact_id retrieved from step 1
- pass.type (the pass type - GIFT or TOP_UP)
- pass.pin (if the pass has an associated pin then it must be provided)
- performed_on (transaction date in epoch format)
- reference_number (transaction reference number)
- merchant_tap.code (code of merchant transaction acquiring point/POS) OR outlet_tap.code (outlet TAP/POS code) OR organisation_id (id of organisation from where purchase is being submitted)
- reduction_method = FRONT_END
- spend_request.amount (wallet amount to be spent)
- spend_request.restrict_fully_covered = set to TRUE if purchase event should only be submitted when the wallet funds can cover the whole spend_request.amount, otherwise set to FALSE
- net_amount (net amount of purchase)
- tax_amount (purchase tax amount)
- total_amount (total transaction value)

Response 200
- spend_on_request = The actual wallet funds spent (this is subject to the restrict_fully_covered flag).
* If restrict_fully_covered = FALSE then the call will not fail if there are insufficient wallet funds
* If spend_request.amount has not been set, then response value will be null
* If spend_request.amount is greater than available wallet funds, then available wallet funds will be consumed, and response value will be the actual spent amount
* If spend_request.amount has been set but wallet funds = 0, then response value will be 0.00 (zero)
* If restrict_fully_covered = TRUE then the call will fail if there are insufficient wallet funds

Response 400
Exception: COM.CRM.EXCEPTIONS.SPENDAMOUNTNOTFULLYCOVEREDEXCEPTION
Message: Cannot submit purchase successfully as the requested spend amount is not fully covered from the available wallet balance.
Exception: FINANCE.EXCEPTIONS.INVALIDPASSPINEXCEPTION
Message: Invalid Pass Code or Pin.
NOTES
  • See sample API calls by following the links in each step above.
View a contact's wallet balance

Call this API to retrieve the available wallet balance (remaining pass amount) for a contact. If the pass code has an associated pin, then the pass and pin must be validated first.
STEP 1 Validate a pass (and pin)
Verify the pass code and pin (if applicable)
STEP 2 Identify the contact
Identify the contact and retrieve the wallet balance
NOTES
  • See sample API calls by following the links in each step above.
Cancel a purchase

This procedure cancels a purchase transaction, any wallet funds spent during the purchase will be refunded to the wallet.
STEP 1 Search Purchases https://speca.io/CRM/backoffice-admin#list-purchases
Locate the purchase		 Request parameters
- reference_number (transaction reference number submitted in Create Purchase API)

Response 200
- id (the purchase id)
STEP 2 Cancel Purchase https://speca.io/CRM/backoffice-admin#cancel-purchase-customer-event
Cancel the purchase		 Path variables
- id = the purchase id retrieved from step 1

Response 200
- id (the cancelled purchase id)
NOTES
  • See sample API calls by following the links in each step above.
Adding more funds to a wallet

This process would normally take place after the wallet funds for a redeemed gift pass have been consumed, in effect a contact’s wallet is topped-up with an additional amount of money so that it can continue to be used for future purchases.

In the case of an unknown contact using a gift pass, then they can continue to use the gift pass number for identification purposes. If the gift pass has an associated pin then it must be validated first.
STEP 1 Validate a pass (and pin)
Verify the gift pass and pin (if applicable)
STEP 2 Identify the contact
Identify the contact, retrieve the wallet id and the current balance
STEP 3 Create Topup https://speca.io/CRM/backoffice-admin#create-topup
Add more funds to a contact’s wallet		 Request body
- wallet_id (the wallet id retrieved from step 2)
- topup_date (date in epoch format)
- amount (top-up amount)
- payment_method = CASH or CARD (payment method used for topping-up the wallet)

Response 200
- id = id of the top-up transaction created
NOTES
  • This procedure can only be performed once a gift pass has been redeemed
  • See sample API calls by following the links in each step above.
Validate a pass (and pin)

This API will typically be called prior to other API calls to check whether a pass code is valid, and to also validate the pin (if applicable), if the request is successful a pass id is retrieved for subsequent API calls.
STEP 1 List Passes https://speca.io/CRM/backoffice-admin#list_passes Request parameters
- pass_code (the pass code) OR pass_code_hash (the hashed pass code)
- pin (the pass pin if applicable)

Response 200
- code - the pass code (available only if pass code and pin match)
- id - the pass id (available only if the pass code and pin match)
NOTES
  • The response also contains other pass details wich may be of interest, see sample API calls by following the links in each step above.
Identify the contact

This API call is necessary when a contact needs to be verified, it can be used in conjunction with a number of other flows such as submitting a purchase transaction.
STEP 1 List Contacts https://speca.io/CRM/backoffice-admin#list-contacts
Request parameters
- cim = the gift pass code OR gift pass hashed code, OR email_address = the contact’s email address, OR phone_number = the contact’s phone number, OR code = the contact’s unique code
- include_financials = yes

Response 200
- contact_id (the contact’s unique identifier)
- contact_name (contact’s name)
- financials.wallet_id (the contact’s wallet id)
- wallet.open_balance (this money can be used without restrictions)
- wallet.commerce_balance (these funds may be subject to spending conditions)
- wallet.balance (the current wallet balance, i.e. the open balance + the commerce balance)
NOTES
  • The response also contains other details which may be of interest, see sample API calls by following the links in each step above.
Change a pass pin

Perform these API calls to change the pin of an existing pass. For security reasons it’s recommended that the old pin be validated first before the new one is set.
STEP 1 Validate a pass (and pin)
Verify the pass code and pin
STEP 2 Update Pass https://speca.io/CRM/backoffice-admin#update_pass
Set the new pin		 Path variables
- id = the pass id retrieved from step 1

Request body
- pin (the new pin)

Response
- pass = the id of the updated pass
Notes
  • See sample API calls by following the links in each step above.
Update pass expiration date

Perform these API calls to change the expiration date of an existing pass. Note that the pass expiration date indicates the date that a pass can be redeemed by, and does not relate to the expiration of the pass value.
STEP 1 Validate a pass (and pin)
Verify the pass code and optional pin
STEP 2 Update Pass https://speca.io/CRM/backoffice-admin#update_pass
Set the new expiry date		 Path variables
- id = the pass id retrieved from step 1

Request body
- expiration_date (the new expiry date in epoch format)

Response
- pass = the id of the updated pass
Notes
  • See sample API calls by following the links in each step above.
Cancel a Pass

This sequence of API calls changes the state of a to Cancelled so that it can’t be redeemed.
STEP 1 Validate a pass (and pin)
Retrieve the pass id
STEP 2 Update Pass https://speca.io/CRM/backoffice-admin#update_pass
Cancel the pass		 Path variables
- id = the pass id retrieved from step 1

Request body
- life_cycle_state = CANCELLED
NOTES
Get pass information

This sequence of API calls retrieves the details of a single pass. It’s recommended that the pass code and pin are validated first for security reasons in cases where the pass has an associated pin.
STEP 1 Validate a pass (and pin)
Retrieve the pass id
STEP 2 Get Pass https://speca.io/CRM/backoffice-admin#get-pass
Retrieve pass informtion		 Path variables
- id = the pass id retrieved from step 1

Response 200
Not all response details are covered hereunder, these are an example of the details available:
- code (pass code)
- value (initial pass value)
- currency (pass currency code)
- recipient.id (unique identifier of the contact who redeemed the pass)
- recipient.name (name of the contact who redeemed the pass)
- recipient.code (code of the contact who redeemed the pass)
- life_cycle_state (pass state can be one of Draft, Active, Cancelled, Redeemed)
- pin (pass code associated pin - if applicable)
Printed Passes

Printed passes are physical passes typically in the form of a card, they are pregenerated, sold over the counter and available in two types - Gift and Top-up.

Gift passes

Gift passes are usually bought and offered as a gift to another person.

Scenario

  • A customer visits a shop, purchases a gift pass at the till and asks for it to be loaded with EUR50
  • The shop assistant activates the gift pass, and loads it with EUR50
  • The gift pass is given to a friend as a birthday gift
  • The pass holder either visits the shop and provides the gift pass at the till to pay for goods or services purchased, or navigates to an eCommerce site and purchases using the gift pass code
  • The desired amount is deducted from the gift pass (wallet)
  • The pass holder is informed of the remaining wallet amount
  • If the whole wallet amount has not been consumed, then the gift pass can be used again for future purchases

Top-up passes

A Top-up passes would normally be used by the person who bought it to add money to an eWallet. Top-up passes are single-use and then disposed of.

Scenario

  • A customer visits a shop and asks to purchase a top-up pass worth EUR20
  • The shop assistant activates the top-up pass worth EUR20 and gives it to the customer
  • The customer redeems the top-up pass by providing the pass code and optional pin
  • The customer’s wallet is credited with EUR20
  • The wallet balance is debited to pay for a purchase or a service
  • The customer can view their remaining wallet amount

The flows included in this guide assume that the passes have already been created and printed with either a variable value (e.g. EUR10 - EUR100), or a fixed value (e.g. EUR50) and an optional pin.

Activate a printed pass

This sequence of API calls changes the state of a printed pass from Draft to Active so that it can be redeemed.
STEP 1 Validate a pass (and pin)
Retrieve the pass id
STEP 2 Update Pass https://speca.io/CRM/backoffice-admin#update_pass
Activate the pass		 Path variables
- id = the pass id retrieved from step 1

Request body
- life_cycle_state = ACTIVE
NOTES
  • Printed passes can also be activated in bulk via the back-end system prior to being distributed to selling points.
  • Only passes in Draft state can be activated.
  • Electronic passes are activated by default upon creation.
  • This API process can also be combined with the Initial load of a pass in cases where the pass value will be set at time of purchasing (i.e. for variable value passes)
  • See sample API calls by following the links in each step above.
Electronic Passes

Unlike printed passes, electronic passes are generated on demand and sold electronically in two types - Gift and Top-up. When an electronic pass is succefully generated, it is also automatically activated by the same process, so there is no need to explicitly activate it. In addition, a preconfigured default communication is sent to the recipient.

Gift passes

Gift passes are usually bought and sent as a gift to somebody else, although they can also be purchased and consumed by the same person.

Scenario

  • A consumer navigates to a portal and purchases a gift pass worth EUR70 for a friend. The recipient’s name and email are provided along with a message from the sender
  • The recipient receives an email communication informing them that they have been sent a gift pass. The email includes the sender’s name and message, the pass code, value of the pass and the pin (if applicable)
  • The pass holder visits an eCommerce site, selects the products or services to purchase and enters the gift pass code (and pin) during the checkout process
  • The gift pass is redeemed during the initial purchase, the desired amount is deducted from the gift pass (wallet)
  • The pass holder is informed of the remaining wallet amount
  • If the whole wallet amount has not been consumed, then the gift pass can be used again for future purchases

Top-up passes

A Top-up can only be issued for an existing contact, and would normally be used by the person who bought it to add money to their wallet. Top-up passes are single-use and then disposed of.

Scenario

  • A contact (consumer) visits a web portal where they are registered and purchases a top-up pass worth EUR20
  • The contact receives a communication notifying them of their pass code (and optional pin)
  • The contact redeems the top-up pass by providing the pass code (and optional pin)
  • The contact’s wallet is credited with EUR20
  • Part of the wallet funds are spent to pay for a purchase or a service
  • The contact can view their remaining wallet amount

Automations & communications

When an electronic pass is created, an automatic message is communicated to the receiver with the pass code information. This message can be overridden by creating an automation - refer to the Platform manual for futher information.

Automations can also be configured to trigger webhooks upon creation of both printed and electronic passes.

Generate an electronic pass

This procedure creates an electronic pass. Both gift and top-up passes can be created in a similar manner but with some minor differences:

  • An electronic gift pass can be generated for an unknown contact, or for an existing contact (can only be redeemed by that specific contact)
  • The call to generate an electronic gift pass can also include the gift sender information (i.e. name & a message)
  • Top-up passes can only be generated for existing contacts

All scenarios for creating a pass are covered in the flows below, if in some cases parameters are optional then this will be stated as such.

STEP 1 List Pass Plans https://speca.io/CRM/backoffice-admin#list_pass_plans
State the pass plan name and retrieve the respective id		 Request parameters
- search_value (the unique pass plan name)

Response 200
- id (pass plan id)
STEP 2 Identify the contact
This step is only required if the pass is being created for an existing contact in the system, locate the contact and retrieve the contact id and wallet id
STEP 3 Create Pass https://speca.io/CRM/backoffice-admin#create_pass
Submit the request to generate an electronic pass		 Request body
- pass_plan_id (retrieved from step 1)
- pass_value (specify the value of the pass - will only be considered if the pass plan is of variable value)
- gift_sender.name (for gift passes - name of the person sending the gift pass)
- gift_sender.message (for gift passes - message sent by the gift sender)
- recipient_name (name of pass recipient, for inclusion in communication)
- recipient.medium_type (EMAIL or SMS - method of communicating pass info to recipient)
- recipient.medium_value (recipient email address or phone number for communicating pass info)
- recipient.country_code (3 character country code if using phone number, e.g. CYP)
- recipient.registered_contact.contact_id (contact_id retrieved from step 2, valid only for existing contacts)
- recipient.registered_contact.wallet_id (wallet_id retrieved from step 2, valid only for existing contacts)

Response 200
- id (unique id of newly created pass)
NOTES
  • Electronic passes are generated with a default life cycle state of Active so there is no need to activate the pass using a separate action.
  • A pass plan must be created either via the back-end system or API call (https://speca.io/CRM/backoffice-admin#create_pass_plans) prior to generating a pass. Pass plans define the characteristics which are inherited by the passes.
  • If the pass is being created for a non-existing contact and the recipient information (i.e. sms/email) is not provided, then the pass communication will not be sent.
  • If the pass is being created for a registered contact, but no recipient information is provided, then the sysem will attempt to send the pass communication to the phone or email address on the contact record (if available).
  • See sample API calls by following the links in each step above.