Medallia Experience Cloud APIs are either REST-based or GraphQL-based. The REST APIs are used for manipulating objects or bulk importing data, while the GraphQL APIs are used for real-time analytics and pulling data from Experience Cloud.
Experience Cloud APIs are secured using OAuth 2.0. For more information, see Authentication.
Experience Cloud offers both sandbox environments where partner and client developers test and develop configuration, code, and integrations before going live. If you are interested in building solutions and joining the partner ecosystem, sign up here.
API Gateway URLs
Medallia's API Gateway URLs are derived from the Reporting URL which is set when your Experience Cloud instance is first provisioned.
This section provides a quick start guide for determining your API Gateway URL; see our product documentation to find additional details.
Some Medallia products, such as Conversations, may have dedicated API gateways or other ways of accessing their content due to unique requirements or operating conditions. Check the product-specific API documentation for more details.
Production Instances and Partner Sandboxes
API Gateway URLs are of the form:
instance-tenant.apis.medallia.com
The instance and tenant values are taken from the Reporting URL, such as instance.medallia.com/tenant. The suffix apis.medallia.com is constant, independent of the data center.
The below table shows several examples of this mapping being applied on fictional instances:
| Reporting URL | API Gateway URL |
|---|---|
| orion | orion-orion |
| acmecorp | acmecorp-acmelabs |
| momcorp | momcorp-robots |
Partner sandboxes similar to production
Partner sandboxes are environments that partners use for development and follow the same URL patterns as production environments.
Client Sandboxes
Client sandboxes are copies of a customer's production environment that a customer can create or delete at will.
API Gateway URLs are of the form:
sbxname-instance-tenant.apis.sbx.dc.medallia.tld
Similar to the production instance URLs, these values are derived from the sandbox's Reporting URL, just with more parts being used.
The below table shows several examples of this mapping being applied to fictional instances:
| Sandbox URL | API Gateway URL |
|---|---|
| orgtest-orion-orion | orgtest-orion-orion |
| pilot-acmecorp-acmelabs | pilot-acmecorp-acmelabs |
| uat21-momcorp-robots | uat21-momcorp-robots |
Error Handling
Medallia's APIs return both an HTTP response code and an error message. Typical errors and response codes are shown below. Check the documentation for the specific APIs with which you are integrating for any API-specific behaviors.
| Response Code | Description |
|---|---|
| 200Â -Â OK | The API request was successful. |
| 201Â -Â Created | The API request was successful in creating an entity. |
| 202Â -Â Accepted | The API request was successfully accepted for asynchronous processing. |
| 400 - Badly formed request | Missing or incorrectly-formed request. Check your request payload format and try again. |
| 401Â -Â Unauthorized | The OAuth 2.0 token is not valid. Request a new token and try again. |
| 403Â -Â Forbidden | Your access level does not allow for accessing this resource. |
| 404 - Not Found | The identified resource in the URL does not exist/could not be found. |
| 406 - Not Acceptable | The identified acceptable format is not supported. Check that your headers are correct (Accept, Accept-Encoding, Accept-Language), and try again. |
| 429 - Too Many Requests | You have exceeded the rate limit for this API. Wait and try again. |
| 500 - Server Error | Something very unexpected went wrong. These are rare. Check your input values and try again. Open a support ticket with detailed steps to reproduce if needed. |
Rates and Limits
In general, most APIs are available on all instances of Medallia. Some APIs related to add-on features, such as the Speech API, are only available to customers who have purchased those features.
When these limits are exceeded, the app or user may be throttled. API requests made by a throttled user or app will fail.
Experience Cloud APIs will return the following HTTP headers to enable the caller to track rate limits. For further details, see IETF draft-polli-ratelimit-headers.
| Parameter | Description | Sample values |
|---|---|---|
| X-RateLimit-Limit | Request quota associated with the client in the current time window (in seconds). | 10, 10;w=1, 100;w=86400 |
| X-RateLimit-Remaining | Remaining quota units associated with the client during the current time window. | 60 |
| X-RateLimit-Reset | Time remaining in the current window, specified in seconds, until the quota resets. | 10 |
API-specific Limits
The standard API call limits are listed in the table below. Note that these are not hard limits; Medallia limits the number of API calls per company to prevent unintended bugs in API client code or malicious code from taking down production systems.
| API | Requests per second | Requests per minute | Requests per day | Concurrent requests | Timeout (in seconds) |
|---|---|---|---|---|---|
| Query API | 70 | N/A | 975,000 | N/A | 90 |
| Users API | 70 | N/A | 10,000 | N/A | 180 |
| Roles API | 70 | N/A | 10,000 | N/A | 180 |
| Speech API | N/A | 13,000 | 325,000 | 1,000 | 180 |
| Import API: Import on concurrent processing mode | 1 | N/A | 1,950,000 | 5 | 600 |
| Import API: Import on non-concurrent processing mode | 10 | N/A | 1,950,000 | N/A | 600 |
| Feed File API: Results | 10 | N/A | 100,000 | N/A | 600 |
| Feed File API: Detailed results | 10 | N/A | 10,000 | N/A | 600 |
| Introspection API: All import endpoints | 10 | N/A | 10,000 | N/A | 600 |
| Introspection API: Specific import endpoint | 10 | N/A | 10,000 | N/A | 600 |
In addition, the below APIs have unique aspects of rating limiting that are orthogonally applied:
- Query API calls have a cost. Requests are subject to cost limits and are throttled once the 3,000,000 cost-units-per-query limit is reached.
- Import API calls are restricted to a data payload size limit of 100 MB for concurrent processing and 1.5 GB for non-concurrent processing.
- The feed file detailed results show up to the first 5,000 input records per result status for an import request. Examples of result status include records successfully created, updated, or discarded.
Examples
- Simultaneously make 10 API calls/sec to the Users API and 10 API calls/sec to the Roles API on your production instance - OK
- Simultaneously make 10 API calls/sec to the Users API on your production instance and 10 API calls/sec to the Users API on your sandbox - OK
- Make 15 calls/sec to the Roles API on your production instance - 5 calls will return with HTTP 429
All instances of Medallia have an allowance of at least 60,000 API calls per 24-hour window. Certain APIs may have different baseline allowances, so please check the API documentation for any additional details. Allowances are based on your Experience Cloud subscription. If you require a higher daily call volume, contact your account representative or Medallia Support.
Cost and limits
Medallia limits the number of API calls per company to prevent unintended bugs in API client code or malicious code from taking down production systems. If you need higher limits, contact your Medallia representative to make the request.
What's Next
| Authentication |
| Product Documentation |