Important Practices

Protect your platform keys

NEVER transmit your platform keys via email or any other unsecured method. Design your system to allow for routine key changes. Change your keys immediately when employees who had access to the keys leave. If you suspect any suspicious activity on your platform, change your keys. Rotating to new keys on a schedule is also advisable, keys are managed through the Reward Genius Web Application.

For more information on industry best practices in this area see OWASP Top 10, #2

Timeouts & Incremental retry & External Reference ID

Network vagaries, infrastructure and supplier factors mean occasional network errors are inevitable and must be planned for. For this reason, we recommend holding a connection open 15 seconds before terminating a call with no response.

Additionally, we strongly recommend that you build an “exponential back off” or similar retry algorithm in which the timeout value for retry increases after each unsuccessful attempt. Exponential retries are well-documented elsewhere and beyond the scope of this document.

Lastly, note that order requests receiving a 5XX error may occasionally process after a network connection is lost. For this reason we strongly recommend you make use of the External Reference ID idempotent parameter to ensures duplicate orders are not created when you retry a failed order.

Balance Alerts

The RaaS API allows you to check an account balance at any time with the Get Account resource, but it does not have low balance alerts at this time. We recommend building in a balance check and alert system if you anticipate the need to re-fund accounts on a regular basis.

Parsing

Please take note of our Versioning and build your implementation accordingly. When possible, we will add additional functionality to the current version of the API in order to better serve existing customers.


What’s Next

Back To Test Console...

    Rewards as a Service™ and the RaaS® API are provided by Tango Card, Inc. © 2024 Tango Card, Inc.