Integrate Marta
This section explores how to build and implement robust and scalable integrations with MARTA.
Before getting started, we recommend reviewing the Structure chapter to better understand MARTA's architecture.
Approfondisci:
Create a deeply personalized customer experience by integrating MARTA.
Design your own custom promotional engine by selecting from the full range of features offered by MARTA.
You can build and globally manage your loyalty campaigns across one or more networks. You can integrate these features into your POS and Web POS terminals to manage operations directly at the point of sale, including the creation of new sub-networks and campaigns with the corresponding access permissions.
MARTA's extensive functionality and segmentation allow for highly flexible implementation, at the campaign level, network level, or across individual components.
You can fully leverage MARTA's capabilities by registering movements and transactions, managing prize catalogs, creating promotions and Instant Win contests, and handling various card types and categories.
MARTA also supports the management of co-marketing campaigns, ticketing, point and credit wallets, and the secure and versatile acquisition of customer profiles.
MARTA provides RESTful services structured by access levels and predefined privileges.
Access is managed through a two-step authentication system: the initial authentication occurs via an api-key issued directly by MARTA to each authorized third-party application. Once authenticated, a signed and validated JWT (JSON Web Token) is issued, which must be included in the headers of all subsequent requests.
This implementation supports granular permission control via scopes and roles.
This approach enhances security and traceability, reduces the need for repeated authentication, and allows for more efficient session management.
Explore the different types of APIs provided by MARTA.
Authentication
Once you've received your api-key, you can authenticate access levels via the Auth APIs.
Auth APIs manage authentication to ensure access to all other types of APIs by providing an authorization token. The main endpoints are POST /auth and POST /auth/refreshToken.
To specify the type of access being requested, include the appropriate scope in your POST /auth request from the following options:
• "terminal" – access to Terminal APIs,
• "backoffice" – access to Backoffice APIs,
• "customer" – access to Customer APIs (Pre and Post Login),
• "terminal-backoffice" – access to both Terminal and Backoffice APIs,
• "customersynchro" – access to parts of the Customer APIs that do not require user-level authentication,
• "product" – access to external Product management APIs,
• "prize" – access to external Prize and Reward Catalog APIs.
The response to the POST /auth request includes two tokens: a Bearer Token, to be used in the header of future API requests, valid for 15 minutes, and a Refresh Token, to be used within 60 minutes in the POST /auth/refreshToken call to renew the authorization token if expired.
For more technical details, explore the Authentication Tutorial.