Profile Read API

Lexer provides its customers with a low-latency API for reading Profile data from within the Lexer CDP.

Although the uses of this API are open to the customer's imagination, we foresee most using this for:

• On-site personalisation: integrated with OSP platforms such as Optimizley, Adobe Experience Manager, etc
• In-Site, App, or Platform via custom integration to change the user experience of your digital platforms
• Real-time ad personalisation or bidding

However, this API is not intended to be used as a method of large scale extraction of data - such as exporting large segments of profile data. We provide customers with other, more scalable platforms, to deliver to those use cases.

Authentication

Securing the Profile Data API is a primary concern and needs to be designed in collaboration with the owner of the platforms consuming this API.
The caution here is that light security could result in unwanted figures being able to request profile data - essentially being able to access all the profile data held within the Lexer CDP.

To overcome this, we work with the Customer and platform owner to implement a series of authentication and security controls specific to the use case. These may include:

• Whitelisted IP addresses for server-to-server communication
• API keys with limited scope for data extraction
• CORS for server-to-browser/app communication
• The setup of a customer-owned proxy to prevent public access without internal authentication

Regardless of the solution determined, Lexer also rate limits and has alerting built into the API to ensure outlier requests are handled with the utmost caution.

Hub permissions

To be able to use this API, your account will need specific Hub permissions. You could adjust your Admin Group permissions, or create an entirely new group eg. API Permission, depending on your needs.
Whichever group you decide to use will need:

• Edit Teams (allows you to create and update API tokens).
• Access to Segment & Compare (allows you to see all attributes).
• You may also need to add to the Allowed Attributes section. You can add a wildcard (eg au.com.fitness*), or specific attribute keys. For more information about how to do this, read our Manage Team article.

Please reach out to Support, or your Success manager, if you need any help.

Rate limiting

To prevent misuse of the Profile Data API, the API is rate limited within boundaries agreed with the Customer upon setup.

This is defined as the number of requests per minute permitted before returning a 429 Too Many Requests response code to the requester.

Lexer monitors the number of requests for billing and security purposes, these reports can be provided to customers to help alter rate limiting rules to ensure platform performance and cost management.

By default, the rate limit for each API key is set to 10 requests per second. However, it can be increased for your use cases by contacting support at support@lexer.io (support@lexer.io).

Profiles

The Profile Read API accepts POST requests only, and returns JSON upon return.

Lookups

API requests are made by providing a known identifier of the profile you would like to load data of. Depending on your CDP data set and configuration, you will likely be able to look up via:

• [.code]email[.code]
• [.code]email_sha256[.code]
• [.code]customer_id[.code]
• [.code]mobile[.code]

It is possible to customise the supported links for a customer in particular use cases, however, may require additional configuration of the CDP.

Responses.

Internally, Lexer attempts to find the profile with the link type matching the provided link value.
We respond with one of the following 4 HTTP codes:

In the scenario of a 200 response, the JSON payload will contain the Profile attributes configured to be exposed by the API...

‍