TWIPLA logo
API docs by Redocly

TWIPLA 3AS API (3.0.0)

Download OpenAPI specification:

TWIPLA Dev Team: contact@twipla.com Terms of Service

Concepts

Terms

  • INTP (Integration Partner) The company that is integrating the analytics as a service solution (3AS)
  • STPs (Server Touchpoints) Credits used to measure data usage for a given website
  • Customer (INTPC integration partner customer) One user of the INTP, can have many websites
  • Website The website where data will be tracked. It has a subscription with a package with a certain limit of STPs. This subscription can be upgraded or downgraded. When the website is created a tracking code snippet is returned that must be embedded within the websites HTML.
  • Package A package has a price and contains a certain number of STPs. They are used when upgrading/downgrading the subscription of a website.

General

The Twipla 3AS approach relies on a straightforward flow of data that can be easily integrated into any backend system.

  1. First thing in the integration process a public/private key must be created. The resulting public key is shared with TWIPLA
  2. The INTP account is created resulting in an intpId (that can be used to create tokens) and a default set of packages
  3. The INTP is then free to create customers and websites with any package

Most endpoints that deal with customers or websites support an external ID which can be provided and then used for all following requests.

For example creating a new customer with a website requires an intpCustomerId and an intpWebsiteId. These must be provided by the INTP and are intended to make integrations easier because there is no need to save any external IDs. Then when getting data about a customer the request is done using the same intpCustomerId provided on creation.

Example implementation flow

  1. Create a new customer with a website
  2. Inject the resulting tracking code in the website's HTML
  3. Create the TWIPLA Dashboard url
  4. Show an iframe to the user with the url created previously
  5. Show a modal to the user to upgrade his subscription
  6. Display all the available packages using the API
  7. After the payment is complete, use the API to upgrade the subscription of the website

Getting started

  1. Create an RSA Key Pair (PEM format)
  2. Send the resulting public key (jwtRS256.key.pub) to the TWIPLA Dev Team
  3. Use the resulting private key to sign an INTP JWT Token which will authenticate all API requests
  4. Use the resulting private key to sign an INTPC JWT Token which will authenticate the TWIPLA Dashboard IFrame request

Authentication

Overview

All authentication is done based on JWT Tokens. These are created and signed by the INTP and validated by the TWIPLA API for each request using the public key provided in the on-boarding.

The token must be sent with every request as a Bearer token in the Authentication header Example:

Authentication: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

JWT tokens can be easily created in most programming languages using an appropriate library from jwt.io

INTP and INTPC Tokens

INTP Token: Integration partner token used for endpoints that deal with modifying customers or websites
INTPC Token: Integration partner customer token used to give access to the dashboard and data of a particular customer

Signing JWTs

Creating an RSA Key pair

  1. Create the keypair: ssh-keygen -t rsa -b 2048 -m PEM -f jwtRS256.key
  2. Convert the public key to PEM: openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub

Structure of an INTP 3AS JSON Web Token

  1. Header
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "UUID" // the id issued by TWIPLA for an INTP, in exchange for `jwtRS256.key.pub`
}
  1. Payload
{
  "roles": [
    "intp"
  ],
  "intp_id": "UUID" // the id issued by TWIPLA for an INTP, in exchange for `jwtRS256.key.pub`
  "exp": 1667215913, // expires at
  "iat": 1667215313 // issued at
}
  1. Signature

To create the signature, you have to use the encoded header, the encoded payload, the generated private key and the algorithm specified in the header (e.g., "RS256").

Structure of an INTPC 3AS JSON Web Token

  1. Header
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "UUID" // the id issued by TWIPLA for an INTP, in exchange for `jwtRS256.key.pub`
}
  1. Payload
{
  "roles": [
    "intpc"
  ],
  "intp_id": "UUID" // the id issued by TWIPLA for an INTP, in exchange for `jwtRS256.key.pub`
  "intpc_id": "string" // the id issued by the INTP for a customer (INTPC)
  "exp": 1667215913,
  "iat": 1667215313
}
  1. Signature

To create the signature, you have to use the encoded header, the encoded payload, the generated private key and the algorithm specified in the header (e.g., "RS256").

TWIPLA Dashboard IFrame URL

https://app-3as.visitor-analytics.io/?intpc_token=intpc_jwt_token&externalWebsiteId=intpWebsiteId

  1. intpc_jwt_token
  2. intpWebsiteId - the website id issued by the INTP, the target website in the IFrame Dashboard

Website API Keys

The TWIPLA API key system operates on a per-website basis. Each website can have multiple API keys. API keys are used to:

  • Authenticate requests to the TWIPLA API
  • Enable access to the TWIPLA dashboard for the associated website

Authentication via API key

The API Key can be used to create a short-lived dashboard token which can be used to login the user into the TWIPLA dashboard safely without exposing the API Key client-side.

Dashboard Access via API Key

After the website and API key have been successfully created and securely stored server-side, follow these steps to access the TWIPLA dashboard.

Step 1 — Login via API Key

Call the Login via API Key endpoint. A successful response returns a set of access tokens required to build the dashboard URL and verify the user's identity.

Step 2 — Build the Dashboard URL

Using the refreshToken from the login response, construct the dashboard URL in the following format:

https://app-3as.visitor-analytics.io?websiteToken={refreshToken}

API access via API key

The TWIPLA API can be accessed using the X-API-Key request header. Exposed endpoints only provide access to data for the connected website with read-only capabilities.

This method is safe as long as the connection uses HTTPS and the API key is stored server-side and not exposed in client-side code.

Request Header:

{ "X-Api-Key": "twpl-bFHhQukkcKA9omBqRukM" }

Relevant API Endpoints for Website Analytics:

Endpoint Description
Raw Sessions Retrieves a comprehensive list of visitor sessions with advanced filtering, sorting, and dimension selection capabilities.
Session Analytics Ideal for advanced analytics and reporting dashboards, allowing full control over which dimensions and metrics are returned, and how data is aggregated and compared over time.

Additional endpoints are available depending on future requirements.

Key Rotation

The API Key can be rotated using the endpoints in 3 steps:

  • Create a new key with a new expiry
  • Replace usage of the key with the new one
  • Allow the old key to expire or delete it

Create API key

Generate an API key to grant access to a specific website.

Authorizations:
jwt_intp
path Parameters
intpWebsiteId
required
string

ID of the website within the integration partner’s system

Request Body schema: application/json
required
name
required
string

A name for the API key.

comment
string

An optional comment or note about the API key.

expiresAt
string <date-time>

The date and time when the API key will expire. If not specified, the key will have no expiration.

Responses

Response Schema: application/json
object

Request samples

Content type
application/json
{
  • "name": "string",
  • "comment": "string",
  • "expiresAt": "2026-08-22T08:14:03+00:00"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

List all API keys for a website

Authorizations:
jwt_intp
path Parameters
intpWebsiteId
required
string

ID of the website within the integration partner’s system

Responses

Response Schema: application/json
Array of objects

Response samples

Content type
application/json
{
  • "payload": [
    ]
}

Delete API key

Deletes an existing API key. Once an API key is deleted, it becomes permanently invalid and cannot be used for authentication or accessing the API. Use this operation to revoke access for security or management purposes.

Authorizations:
jwt_intp
path Parameters
intpWebsiteId
required
string

ID of the website within the integration partner’s system

apiKeyId
required
string

ID of the API key

Responses

Response samples

Content type
application/json
{
  • "error": "string"
}

Login via API key

Generate short-lived access tokens which can be used to login the user into the TWIPLA dashboard safely without exposing the API Key client-side.

Request Body schema: application/json
required
apiKey
required
string

The API key generated by twipla

websiteId
required
string <uuid>

TWIPLA websiteId, returned at website creation as id

Responses

Response Schema: application/json
object

Request samples

Content type
application/json
{
  • "apiKey": "twpl-bFHhQukkcKA9omBqRukM",
  • "websiteId": "eee0b185-ac19-4fd6-bb45-58b59a8988e9"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Website Subscriptions

An INTP can operate under two subscription models: website-based or account-based.

Use these endpoints if your company:

  • Uses website-based subscriptions
  • Is responsible for managing billing directly

Upgrade website subscription

Increase the number of credits for a specific website. The upgrade takes effect immediately, and the billing cycle and credit consumption resets.

Note: This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpWebsiteId
required
string (intpWebsiteId)

ID of the website within the integration partner’s system

packageId
required
string <uuid> (packageId)

Package ID issued by TWIPLA

trial
boolean
Default: false
proRate
boolean
Default: false

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpWebsiteId": "string",
  • "packageId": "471cc1d4-ec27-4504-b7c2-949af95662bc",
  • "trial": false,
  • "proRate": false
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Downgrade an active website subscription

Plan a subscription downgrade for a website; it will automatically apply when the current billing period ends.

This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpWebsiteId
required
string (intpWebsiteId)

ID of the website within the integration partner’s system

packageId
required
string <uuid> (packageId)

Package ID issued by TWIPLA

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpWebsiteId": "string",
  • "packageId": "471cc1d4-ec27-4504-b7c2-949af95662bc"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Cancel website subscription

Schedule subscription cancellation for the end of the current billing cycle. The website will then revert to the free plan. Cancellation can be reversed by resuming the subscription until it takes effect. Note: This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpWebsiteId
required
string (intpWebsiteId)

ID of the website within the integration partner’s system

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpWebsiteId": "string"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Resume a website subscription

Resume a canceled subscription. This can be done until the cancellation takes effect, and the action applies immediately.

Note: This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpWebsiteId
required
string (intpWebsiteId)

ID of the website within the integration partner’s system

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpWebsiteId": "string"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Deactivate website subscription

Deactivate the subscription; the website will also be deleted.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpWebsiteId
required
string (intpWebsiteId)

ID of the website within the integration partner’s system

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpWebsiteId": "string"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Account Subscriptions

An INTP can operate under two subscription models: website-based or account-based.

Use these endpoints if your company:

  • Uses account-based subscriptions
  • Is responsible for managing billing directly

Upgrade account subscription

Increase the number of credits for a specific account. The upgrade takes effect immediately, and the billing cycle and credit consumption resets.

Note: This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpcId
required
string

ID of the customer within the integration partner’s system

packageId
required
string <uuid> (packageId)

Package ID issued by TWIPLA

trial
boolean
Default: false

Indicates whether the subscription should start in a trial period.

proRate
boolean
Default: false

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpcId": "string",
  • "packageId": "471cc1d4-ec27-4504-b7c2-949af95662bc",
  • "trial": false,
  • "proRate": false
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Downgrade account subscription

Plan a subscription downgrade for an account; it will automatically apply when the current billing period ends.

Note: This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpcId
required
string

ID of the customer within the integration partner’s system

packageId
required
string <uuid> (packageId)

Package ID issued by TWIPLA

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpcId": "string",
  • "packageId": "471cc1d4-ec27-4504-b7c2-949af95662bc"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Cancel account subscription

Schedule subscription cancellation for the end of the current billing cycle. The account will then revert to the free plan. Cancellation can be reversed by resuming the subscription until it takes effect.

Note: This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpcId
required
string

ID of the customer within the integration partner’s system

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpcId": "string"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Resume account subscription

Resume a canceled subscription. This can be done until the cancellation takes effect, and the action applies immediately.

Note: This endpoint should be used only if your company is responsible for managing billing. Otherwise, the subscription will be managed directly by the user through the dashboard.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpcId
required
string

ID of the customer within the integration partner’s system

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpcId": "string"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Deactivate account subscription

Deactivate the subscription; the account will also be deleted.

Authorizations:
jwt_intp
Request Body schema: application/json
required
intpcId
required
string

ID of the customer within the integration partner’s system

Responses

Response Schema: application/json
object (Subscription)

Request samples

Content type
application/json
{
  • "intpcId": "string"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Customers

Create INTPC

Create a new INTP Customer

Authorizations:
jwt_intp
Request Body schema: application/json
required

Data about the INTPC

intpCustomerId
required
string (intpCustomerId)

ID of the customer within the integration partner’s system

email
required
string <email>

Must be unique within the company

required
object

Responses

Response Schema: application/json
object

Request samples

Content type
application/json
{
  • "intpCustomerId": "string",
  • "email": "support@twipla.com",
  • "website": {
    }
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Get all INTPCs

Authorizations:
jwt_intp
query Parameters
page
required
number

Use 0 for the first page

pageSize
required
number

Responses

Response Schema: application/json
Array of objects (INTPC)
object (paginationMeta)

Response samples

Content type
application/json
{
  • "payload": [
    ],
  • "meta": {
    }
}

Get INTPC

Authorizations:
jwt_intp
path Parameters
intpCustomerId
required
string

ID of the customer within the integration partner’s system

Responses

Response Schema: application/json
object (INTPC)

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Delete INTPC

Authorizations:
jwt_intp
path Parameters
intpCustomerId
required
string

ID of the customer within the integration partner’s system

Responses

Response Schema: application/json
object (INTPC)

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Packages

Create a new Package

Authorizations:
jwt_intp
Request Body schema: application/json
required
name
required
string (name)
price
required
number (price)
currency
required
string (currency)
Value: "EUR"
touchpoints
required
number (consumedStps)
period
required
string (period)
Enum: "monthly" "yearly"

Responses

Response Schema: application/json
object (Package)

Request samples

Content type
application/json
{
  • "name": "string",
  • "price": 12.99,
  • "currency": "EUR",
  • "touchpoints": 0,
  • "period": "monthly"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Get packages

Authorizations:
jwt_intp

Responses

Response Schema: application/json
Array of objects (Package)

Response samples

Content type
application/json
{
  • "payload": [
    ]
}

Get Package by INTP issued ID

Authorizations:
jwt_intp
path Parameters
packageId
required
string

Package ID issued by TWIPLA

Responses

Response Schema: application/json
object (Package)

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Websites

Create website (v3)

Authorizations:
jwt_intp
Request Body schema: application/json
required
object
required
object
object

Responses

Response Schema: application/json
object (Website)

Request samples

Content type
application/json
{
  • "website": {
    },
  • "intpc": {
    },
  • "opts": {
    }
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Create website (v2) Deprecated

Authorizations:
jwt_intp
Request Body schema: application/json
intpWebsiteId
required
string (intpWebsiteId)

ID of the website within the integration partner’s system

intpCustomerId
required
string (intpCustomerId)

ID of the customer within the integration partner’s system

packageId
string <uuid>

Package ID issued by TWIPLA. Leave empty to create the website on the default free plan. Provide this ID only if your company is responsible for billing; otherwise, leave it blank, as the subscription will be managed directly by the user in the dashboard.

domain
required
string (websiteDomain)

The website domain

billingDate
string <date-time> (date)

Responses

Response Schema: application/json
object (Website)

Request samples

Content type
application/json
{
  • "intpWebsiteId": "string",
  • "intpCustomerId": "string",
  • "packageId": "471cc1d4-ec27-4504-b7c2-949af95662bc",
  • "domain": "domain.example.com",
  • "billingDate": "2023-08-22T08:14:03+00:00"
}

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Get websites

Authorizations:
jwt_intp

Responses

Response Schema: application/json
Array of objects (Website)

Response samples

Content type
application/json
{
  • "payload": [
    ]
}

Get Website

Authorizations:
jwt_intp
path Parameters
intpWebsiteId
required
string

ID of the website within the integration partner’s system

Responses

Response Schema: application/json
object (Website)

Response samples

Content type
application/json
{
  • "payload": {
    }
}

Delete Website

Authorizations:
jwt_intp
path Parameters
intpWebsiteId
required
string

ID of the website within the integration partner’s system

Responses

Response Schema: application/json
object (Website)

Response samples

Content type
application/json
{
  • "payload": {
    }
}