Profile read API

Lexer provides its customers with a low-latency API for reading Profile data from within the Lexer CDP.

Although the uses of this API are open to the customer's imagination, we foresee most using this for:

  • On-site personalisation: integrated with OSP platforms such as Optimizley, Adobe Experience Manager, etc
  • In-Site, App, or Platform via custom integration to change the user experience of your digital platforms
  • Real-time ad personalisation or bidding

However, this API is not intended to be used as a method of large scale extraction of data - such as exporting large segments of profile data. We provide customers with other, more scalable platforms, to deliver to those use cases.

Please note
Access to the Profile Read API requires configuration with the Lexer team as security is of the utmost importance.


Securing the Profile Data API is a primary concern and needs to be designed in collaboration with the owner of the platforms consuming this API.
The caution here is that light security could result in unwanted figures being able to request profile data - essentially being able to access all the profile data held within the Lexer CDP.

To overcome this, we work with the Customer and platform owner to implement a series of authentication and security controls specific to the use case. These may include:

  • Whitelisted IP addresses for server-to-server communication
  • API keys with limited scope for data extraction
  • CORS for server-to-browser/app communication
  • The setup of a customer-owned proxy to prevent public access without internal authentication

Regardless of the solution determined, Lexer also rate limits and has alerting built into the API to ensure outlier requests are handled with the utmost caution.

Authentication with API Tokens

You can find detailed instructions about how to set up an API Token in our Authentication and API token creation article. Make sure you select the Profile Read  API Type when generating a token.

Hub permissions

To be able to use this API, your account will need specific Hub permissions. You could adjust your Admin Group permissions, or create an entirely new group eg. API Permission, depending on your needs.
Whichever group you decide to use will need:

  • Edit Teams (allows you to create and update API tokens).
  • Access to Segment & Compare (allows you to see all attributes).
  • You may also need to add to the Allowed Attributes section. You can add a wildcard (eg*), or specific attribute keys. For more information about how to do this, read our Manage Team article.

Please reach out to Support, or your Success manager, if you need any help.

Rate limiting

To prevent misuse of the Profile Data API, the API is rate limited within boundaries agreed with the Customer upon setup.

This is defined as the number of requests per minute permitted before returning a 429 Too Many Requests response code to the requester.

Lexer monitors the number of requests for billing and security purposes, these reports can be provided to customers to help alter rate limiting rules to ensure platform performance and cost management.

For more detail about our rate limits, have a look at our Rate limits article.


The Profile Read API accepts POST requests only, and returns JSON upon return.


API requests are made by providing a known identifier of the profile you would like to load data of. Depending on your CDP data set and configuration, you will likely be able to look up via:

  • [.code]email[.code]
  • [.code]email_sha256[.code]
  • [.code]customer_id[.code]
  • [.code]mobile[.code]

It is possible to customise the supported links for a customer in particular use cases, however, may require additional configuration of the CDP.


Please note
Profiles can only be accessed one at a time, as the use case for our PDaaS API is to power personalisation use cases, not exports or large transfers. Lexer has other, more scalable methods, of transferring high volumes of profiles, contact us for more information.

Internally, Lexer attempts to find the profile with the link type matching the provided link value.
We respond with one of the following 4 HTTP codes:

In the scenario of a 200 response, the JSON payload will contain the Profile attributes configured to be exposed by the API...

Please note
The data exposed by the API is configured on an API by API basis. Meaning each Customer can configure which data is exposed for specific API credentials - allowing one implementation to access more data than the next in an attempt to limit the inherit risk of such public-facing APIs.

That's a wrap

In this article, we've delved into the capabilities of Lexer's Profile Read API. It offers a wealth of possibilities, from personalized on-site experiences to real-time ad personalization. If you're keen to explore this powerful API and need some more help, don't hesitate to reach out to your Success manager.

October 11, 2023
Did this page help you?
Thank you! Your feedback has been received!
Oops! Something went wrong while submitting the form, for assistance please contact