This section is written for developers and describes the process to authorize calls agains the Uplyft Graph API.


Security has our highest priority. To access the Uplyft Graph API, developers have to authorize using either an App created using their company's business account, or a predefined credential provided by the Uplyft team . The following section is a step by step guide to gain access to our APIs.

Authorizing with App ID and Secret

Step 1: Create an Uplyft Account

Create an Uplyft Developer Account on This enables you to create both test and production events.

Step 2: Access your Business Account

Create an Uplyft business account. If your company already has a business account on Uplyft, please contact your admin or to get permissions to manage your business account.

Step 3: Create an App

Navigate to the Business Accounts / Apps section in your business account. Uplyft Apps enable you to create different touch-points/clients through which you want to pass events to the Uplyft platform. E.g. your Online-Shop, your Offline-Shop System, your customer service platform, etc.

Choose the App through which you want to push your first events to Uplyft. You can also create a new App.

Step 4: Access your App ID and Secret

Access the Settings section of your app. Each app has a test secret and a production secret. Use app ID and secret for Basic authorization.

  • Test secret: Using test secrets when creating events will not result in a transaction, events will not be billed and they will not affect your analytics.

  • Production secret: Using production secrets when creating events will result in a transaction, events will be billed and they will affect your analytics.

Warning: Keep your App ID and Secret safe and secret. It is meant for exclusive server-side use only. Never expose App IDs or Secrets to front-end client apps.

Step 5: Authorization

To secure the data which is transmitted it is required to use SSL (TLS) encryption for all POST requests send to the Uplyft Graph API. Make sure to use HTTPS in the Graph API URL as following:

Using the createEvent mutation or any other Uplyft API requires you to use the basic authentication scheme so that the sender of a request can be verified. The authorization header of a request needs to be set as follows:

Authorization: Basic {base64 encoded string of "app-id:app-secret"}

Once you are authorized, you can start by sending events using the dedicated Graph mutation described under Events.

Authorizing with Credential

A credential is provided by Uplyft in cases, when e.g. program-wide access is required.

To use it, call the Uplyft Graph API at the URL with the following Authorization header in requests:

Authorization: Bearer {Credential}

Credential authorization is currently only supported for the businessAccount query and the createEvent mutation