Sprocket Api

The API that provides access to the RallyBound fundraising platform.

Api Overview

The Sprocket API was built to provide third-party applications access to perform actions on behalf of a RallyBound platform User.

For the purposes of this document, here is a brief explanation of the following terms:
  • RallyBound Platform The RallyBound fundraising platform on all non-profit campaign instances.
  • User The user of the RallyBound Platform. (A user may serve the roles of Attendee, Donor and others, depending on the Campaign).
  • Client The third-party application performing actions on behalf of a User.
  • Client Application Registration The process of registering your application with the Sprocket API, to obtain Client Credentials.
  • Client Credentials A pair of public/private strings that will be used to call specific Sprocket API methods, for example, during the Authorization Flow.
  • Authorization Flow The process of requesting a User to grant permission to the Client to perform actions on their behalf, limited to a set of Permission Scopes.
  • Permission Scope A set of permissions defined later in this document.
  • Access Token A unique string that is given to the Client once a User grants permission to your Clients application. Once an Access Token is obtained, it can be used to execute methods of the Sprocket API on behalf of the User.
  • Refresh Token For security purpose, Access Tokens expire after a short period of time. To avoid the need to perform the full Authorization Flow again, the Client will be given (during the Authorization Flow) a second unique string that can be used to generate subsequent Access Tokens.

Authentication

The Sprocket API uses OAuth 2.0 3-legged to allow third-party Clients to access users campaign data. the Sprocket API follows the OAuth 2.0 Authorization Framework specifications.

Request Format

The Sprocket API follows the HTTP REST protocol.

Each of the Sprocket API methods in the Sprocket API will list the following:
  • HTTP Method (GET/POST/PUT/DELETE)
  • URI
  • Request Parameters
  • Request Authentication

HTTP Method

Http Method Example
GET https://rest.rallybound.com/sprocket/v2/campaigns/1234
POST https://rest.rallybound.com/sprocket/v2/admin/campaigns/1234/users
PUT https://rest.rallybound.com/sprocket/v2/admin/campaigns/1234/users/5678
DELETE https://rest.rallybound.com/sprocket/v2/campaigns/1234/users/5678/updates/90

URI

The URI of an individual API method may contain dynamic parameters (surrounded by curly brackets). they will need to be populated with their respective values, to generate the final URI.

For example, the following API URI https://rest.rallybound.com/sprocket/{apiVersion}/campaigns/{campaignID}/users contains 2 dynamic parameters:
  • apiVersion
  • campaignID
Both parameters must be populated with values before submitting an api call.
For the example above, the final URI will look like: https://rest.rallybound.com/sprocket/v2/campaigns/1234/users

Request Parameters

Request parameters for each API method will be listed in the following table format:

Parameter Key Required Data Type Default Value Description
Y/N int/long/string Parameters that are not required and are absent will be default to the value listed Brief description

Required parameters that are absent, or parameters that are of incorrect data type (such as passing abc for a parameter that has a data type of int will generate a 400 Bad Request error)


Request Authorization

Most of the Sprocket API Methods will require authorization. There are two types of authorizations listed below. Each of the API methods will list the type of authorization required.

We recommend that the Client application make use of the Authorization HTTP header, although we plan to support an alternative that makes use of request parameters.

Authorization Type Authorization Method Parameters Notes
AccessToken Bearer The AccessToken obtained through the user-authentication flow. See RFC 6750
ClientSecret Basic client_id & client_secret provided to you See RFC 2617

AccessToken

AccessToken authorization is required for API methods that perform an action on behalf of a User, to query account information, for example. A valid AccessToken is obtained during the Authorization Flow


POST /sprocket/v2/test/me HTTP/1.1
    Host: rest.rallybound.com
    Authorization: Bearer NBFHLSJ7w8URN9jJVLtmLmuS-e85Ya64hmUDf_aar4AfQNEEN4
string endpoint = "https://rest.rallybound.com/sprocket/v2/test/me";
    string accessToken = "NBFHLSJ7w8URN9jJVLtmLmuS-e85Ya64hmUDf_aar4AfQNEEN4";
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(endpoint);
    request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + accessToken);
    

ClientSecret

ClientSecret authorization is required for API methods that originate from the Client server, to obtain an Access Token, for example.

Authorization uses the basic authentication scheme (RFC 2617), using the client_id as the username and the client_secret as the password.

Since the client_secret should be treated as a private key, all API methods that require client_secret authorization should originate from your servers.


POST /sprocket/auth/oauth2/token HTTP/1.1
    Host: rest.rallybound.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
string endpoint = "https://rest.rallybound.com/sprocket/auth/oauth2/token";
    string client_id = "s6BhdRkqt3";
    string client_secret = "gX1fBat3bV";
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(endpoint);
    request.Credentials = new NetworkCredential(client_id, client_secret);
    

Response Format

Status Code

The Sprocket API will respond to each call with a HTTP status code to indicate if the call was successful. Status codes of 2xx indicate success, 4xx indicate client errors (such as missing request parameters) while 5xx indicate server errors.


Content Type

The Sprocket API will respond in JSON, but it supports XML as well. To get a response in XML, set the request Accept header to application/xml.


Pretty Print

To get a prettified response, add a pretty query parameter set to true.

POST /Example HTTP/1.1
Host: rest.rallybound.com
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "Key1": "Value1",
  "Key2": 1234
}
POST /Example HTTP/1.1
Host: rest.rallybound.com
Accept: application/xml
HTTP/1.1 200 OK
Content-Type: application/xml;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

<response>
  <Key1>Value1</Key1>
  <Key2>1234</<Key2>
<response>

Pagination

Requests for collections can return between 0 and 100 results, controlled using the limit query parameter. All collection endpoints are limited to 10 results by default.

Retrieving records past the limit is done by using the offset query parameter.

This example would fetch teams 101 through 150
GET /sprocket/v2/admin/campaigns/1234/teams?limit=50&offset=100

A collection's range can be set to start from a specified result by adding the from_id or starting query parameters.

The from_id parameter (integer) will skip all records with their primary id less than the specified integer.

The starting parameter (long) will skip all records created prior to the specified unix timestamp.

If the request is made to a modified endpoint, the starting parameter will skip all records last modified prior to the specified unix timestamp (based on the Last_Modified_On timestamp).

Endpoints which support pagination will define their fields parameters in their documentation.

Filtering

Collections may be limited based on specified criteria. This is done by passing filters as query parameters for fields within an object. The parameter specifies the field by which to filter, and its value determines the criteria by which to filter.

Filters may be passed for fields anywhere in an object structure (assuming filtering is supported by the relevant field). So, for example, a donation object can be filtered by donation.amount or donation.payment.currency_key (or both).

Collections may be filtered by string for string fields; by relational operators for integer, decimal, and long fields (including timestamps); and by logic (true/false) for boolean fields.

Strings are filtered based on the exact value passed. To filter based on a partial string, wildcards may be used by prepending or appending an asterisk ("*") to the value passed.

The following example would limit the returned collection to teams whose names start with "our":
GET /sprocket/v2/admin/campaigns/1234/teams?team.name=our*

Integers may be filtered by the relational operators equals ("="), greater than (">"), or less than ("<"). When filtering by greater or less than, the equals sign sets the value of the parameter, and is not part of the relational operator. When filtering by equality, a single equals sign is used, which sets the parameter value, and also checks for equality.

The following example would limit the returned collection to donations which are greater than $100:
GET /sprocket/v2/admin/campaigns/1234/donations?donation.amount=>100

The following example would limit the returned collection to donations which are equal to $250:
GET /sprocket/v2/admin/campaigns/1234/donations?donation.amount=250

Endpoints which support filtering will indicate their respective filterable fields in their documentation.

Sorting

Collections may be sorted by specified fields using the sort query parameter. To sort by multiple fields, the fields should be passed comma-delimited. The order of the fields will determine the priority of the sort.

By default, the sort order is ascending. To sort descending, preface the relevant field with "-".

The following example would return teams in order of amount raised, with top raised listed first:
GET /sprocket/v2/admin/campaigns/1234/teams?sort=-team.amount_raised

Endpoints which support sorting will indicate their respective sortable fields in their documentation.




Client Setup

Client Registration

To register your application, please contact our support with the following details:

  • Application Name: The name of your application
  • OAuth 2.0 Redirect Prefixes: A list of OAuth 2.0 redirect prefixes (see section 3.1.2 of the OAuth 2.0 spec) that are to be white-listed for the Authorization Flow.
    Although not a requirement, we recommend that production prefixes should begin with HTTPS
    Multiple prefixes are allowed, for example: https://example.com/oauth2/client_redirect and http://dev.example.com/oauth2/client_redirect

Upon successful registration, you will be given a 10 character client_id and a 32 character client_secret, which are needed for some of the Sprocket API methods (such as starting an Authorization Flow)

The client_secret should be kept private to you and never be accessed by the public. Including the secret in a public application (such as a mobile app) can allow a hacker to make use of your keys.
For this reason, all of the Sprocket API methods that require the client_secret, must originate from your servers.


Modifying Client Settings

To modify the settings of your application (such as adding or removing redirect prefixes), please contact our support.


Revoking Keys

In the event that there is an outside breach of your servers, or if your client_secret was leaked to the public, please contact our support to revoke the existing keys and generate new ones.




OAuth 2.0 Overview

The Sprocket API currently supports the OAuth 2.0 protocol to perform authorization. Please see RFC 6749 for more details on the protocol.

Protocol Implementation

The OAuth protocol defines four roles:
  • Resource Owner
  • Resource Server
  • Client
  • Authorization Server

The Resource Owner refers to the User on behalf of whom your application is performing various actions.

The Resource Server refers to the Sprocket API methods listed below.

The Client refers to your application.

The Authorization Server refers to the Sprocket API authentication endpoint listed in this following sections.


OAuth 2.0 Authorization Flow:

                    
+--------+ +---------------+ | |--(A)- Authorization Request ->| Resource | | | | Owner | | |<-(B)-- Authorization Grant ---| | | | +---------------+ | | | | +---------------+ | |--(C)-- Authorization Grant -->| Authorization | | Client | | Server | | |<-(D)----- Access Token -------| | | | +---------------+ | | | | +---------------+ | |--(E)----- Access Token ------>| Resource | | | | Server | | |<-(F)--- Protected Resource ---| | +--------+ +---------------+

Although OAuth 2.0 defines four grant types, the Sprocket API currently only supports the Authorization Code Grant flow, which requires the Client to redirect the User via a web browser to the authorization endpoint url.

                    
OAuth 2.0 Authorization Code Grant +----------+ | Resource | | Owner | | | +----------+ ^ | (B) +----|-----+ Client Identifier +---------------+ | -+----(A)-- & Redirection URI ---->| | | User- | | Authorization | | Agent -+----(B)-- User authenticates --->| Server | | | | | | -+----(C)-- Authorization Code ---<| | +-|----|---+ +---------------+ | | ^ v (A) (C) | | | | | | ^ v | | +---------+ | | | |>---(D)-- Authorization Code ---------' | | Client | & Redirection URI | | | | | |<---(E)----- Access Token -------------------' +---------+ & Refresh Token


Security

All of the Sprocket API calls are to be made over HTTPS. Although all versions of TLS are currently supported, you should always use the latest and most secure version available.

The use of TLS is very important, since OAuth 2.0 does not use hash signatures to prevent man-in-the-middle attacks.

Since Access Tokens and Refresh Tokens can be used to perform actions on behalf of a User, they must be kept secure and out of reach from unauthorized people. Preferably, they should not be stored in plain-text.


Authorization Endpoints

Endpoint URI
Authorization
GET https://rest.rallybound.com/sprocket/auth/oauth2/authorize
Token
POST https://rest.rallybound.com/sprocket/auth/oauth2/token
Refresh
POST https://rest.rallybound.com/sprocket/auth/oauth2/refresh

Access Tokens

In order to make authorized calls to the Sprocket API methods, your application must first obtain an Access Token on behalf of a User. Once a valid Access Token is obtained, it can be used to perform multiple API methods until the token expires.

Obtaining Access Tokens

To obtain an Access Token, your application will need to:
  1. Construct a URI that is based on the Sprocket OAuth 2.0 Authorization endpoint URI, populating the request parameters.
  2. Redirect the User via a web browser to the constructed URI
Once the User authenticates and grants access to your application, the User will be redirected to the redirect_uri specified in the request, with the addition of a code that can be exchanged for an Access Token.

Request Parameters:

Parameter Key Required Data Type Default Value Description
response_type Y string Must be set to code
client_id Y string client_id that was provided for your application
redirect_uri N string First redirect_uri associated with your application URI of where to redirect the User once they have authorized your application.

* Value is restricted to the list of Redirect Prefixes associated with your application.
scope N string Default permissions A space-delimited string of permissions requested
state N string State associated with the User request.
the value of this parameter will be passed along to the redirect_uri
https://rest.rallybound.com/sprocket/auth/oauth2/authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Foauthoauth2%2Fclient_redirect
string endpointBase = "https://rest.rallybound.com/sprocket/auth/oauth2/authorize";
string client_id = "s6BhdRkqt3";
string redirectUri = System.Web.VirtualPathUtility.ToAbsolute("~/oauthoauth2/client_redirect");
string state = "abc";

string constructedUri = string.Format("{0}?response_type=code&client_id={1}&redirect_uri={2}&state={3}",
    endpointBase, client_id, Uri.EscapeDataString(redirectUri), Uri.EscapeDataString(state));

/*ASP.NET classic*/
Response.Redirect(constructedUri);

/*ASP.NET MVC*/
return Redirect(constructedUri);


Redirection Parameters

Following the OAuth 2.0 spec, once the User grants access to your application they will be redirected to the redirect_uri specified in the authorization request. The following redirect parameters will be appended:

Parameter Key Required Data Type Default Value Description
code Y string A nonce that can be exchanged for a Access Token
scope Y string A space-delimited string containing the set of scopes approved by the User
state N string The value of the state parameter from the authorization request
https://client.example.com/oauthoauth2/client_redirect?code=s6BhdRkqt3&state=xyz


Exchanging the Nonce for Access & Refresh Tokens

Nonce codes are valid for 10 minutes, and are to be exchanged for a pair of Access and Refresh tokens. Keep in mind that an individual nonce code can only be used once, so if there is an error during the exchange - you will need to begin a new Authorization Flow.

To exchange the code received via the redirect parameter for an Access Token and a Refresh Token, issue a request to the Token Endpoint using the client_secret authorization method, along with the request parameters below:

POST https://rest.rallybound.com/sprocket/auth/oauth2/token

Request Parameters:

Parameter Key Required Data Type Default Value Description
grant_type Y string Must be set to authorization_code
code Y string The Nonce code received via the redirect parameter
redirect_uri Y string The redirect_uri used during the authorization request
POST /sprocket/auth/oauth2/token HTTP/1.1
Host: rest.rallybound.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Foauthoauth2%2Fclient_redirect
string endpoint = "https://rest.rallybound.com/sprocket/auth/oauth2/token";
string client_id = "s6BhdRkqt3";
string client_secret = "gX1fBat3bV";

//redirect_uri used in the authorization request
string redirectUri = "https://client.example.com/oauthoauth2/client_redirect";

//code issued as redirect parameter
string code = "SplxlOBeZQQYbYS6WxSbIA";


HttpWebRequest request = (HttpWebRequest)WebRequest.Create(endpoint);
request.Credentials = new NetworkCredential(client_id, client_secret);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
using(Stream requestStream = request.GetRequestStream())
using(StreamWriter writer = new StreamWriter(requestStream))
{
    writer.Write(string.Format("grant_type=authorization_code&code={0}&redirect_uri={1}",
        Uri.EscapeDataString(code), Uri.EscapeDataString(redirectUri));
}
using(HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
    //....
}

Response Parameters:

Parameter Key Required Data Type Default Value Description
access_token Y string The Access Token that your application shall use to perform API calls on behalf of the User
token_type Y string Always set to Bearer
expires_in Y int Number of seconds that the Access Token is valid for. Once the token expires, use the Refresh Token to request a new Access Token
refresh_token Y string The Refresh Token that your application can use to request future Access Token for this authorization grant
POST /sprocket/auth/oauth2/token HTTP/1.1
Host: rest.rallybound.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Foauthoauth2%2Fclient_redirect
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": "6vnJ8CL_gttCtAdwXcHrKmK6SgCjfdX-LSpTvkw5576cETLABWLGdgKzrGrtm4pxa-ubrnmHNVw",
  "token_type": "Bearer",
  "expires_in": 1800,
  "refresh_token": "7Naj7aZfSQvEzUa2MvezDk53"
}
POST /sprocket/auth/oauth2/token HTTP/1.1
Host: rest.rallybound.com
Accept: application/xml
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Foauthoauth2%2Fclient_redirect
HTTP/1.1 200 OK
Content-Type: application/xml;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

<response>
  <access_token>6vnJ8CL_gttCtAdwXcHrKmK6SgCjfdX-LSpTvkw5576cETLABWLGdgKzrGrtm4pxa-ubrnmHNVw</Key1>
  <token_type>Bearer</Key1>
  <expires_in>1800</Key1>
  <refresh_token>7Naj7aZfSQvEzUa2MvezDk53</Key1>
<response>

As mentioned earlier, since the client_secret should be treated as a private key, all API methods that require client_secret authorization should originate from your servers.



Using Access Tokens

Now that the User granted access to your application, you may use the Access Token to perform actions on their behalf. Most of the Sprocket API methods require AccessToken authorization.


Token Expiry

Access Tokens expire 30 minutes after they was issued.


Refresh Tokens

Once a Access Token expires, use the Refresh Token to obtain a fresh one without requiring a new Authorization Flow, as demonstrated below:

                    
+--------+ +---------------+ | |--(A)------- Authorization Grant --------->| | | | | | | |<-(B)----------- Access Token -------------| | | | & Refresh Token | | | | | | | | +----------+ | | | |--(C)---- Access Token ---->| | | | | | | | | | | |<-(D)- Protected Resource --| Resource | | Authorization | | Client | | Server | | Server | | |--(E)---- Access Token ---->| | | | | | | | | | | |<-(F)- Invalid Token Error -| | | | | | +----------+ | | | | | | | |--(G)----------- Refresh Token ----------->| | | | | | | |<-(H)----------- Access Token -------------| | +--------+ +---------------+

Obtaining a new Access Token from a Refresh Token

To obtain a new Access Token, issue a request to the Refresh Endpoint using the client_secret authorization method, along with the request parameters below:

POST https://rest.rallybound.com/sprocket/auth/oauth2/refresh

Request Parameters:

Parameter Key Required Data Type Default Value Description
grant_type Y string Must be set to refresh_token
refresh_token Y string The Refresh Token obtained during the initial Authorization Flow
scope N string If a scope change is required, a space-delimited set of permissions that are a subset of the permissions granted by the User during the initial Authorization Flow.
POST /sprocket/auth/oauth2/refresh HTTP/1.1
Host: rest.rallybound.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=7Naj7aZfSQvEzUa2MvezDk53
string endpoint = "https://rest.rallybound.com/sprocket/auth/oauth2/refresh";
string client_id = "s6BhdRkqt3";
string client_secret = "gX1fBat3bV";

string refreshToken = "7Naj7aZfSQvEzUa2MvezDk53";

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(endpoint);
request.Credentials = new NetworkCredential(client_id, client_secret);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
using(Stream requestStream = request.GetRequestStream())
using(StreamWriter writer = new StreamWriter(requestStream))
{
    writer.Write(string.Format("grant_type=refresh_token&refresh_token={0}",
        Uri.EscapeDataString(refreshToken));
}
using(HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
    //....
}

Response Parameters:

Parameter Key Required Data Type Default Value Description
access_token Y string The Access Token that your application shall use to perform API calls on behalf of the User
token_type Y string Always set to Bearer
expires_in Y int Number of seconds that the Access Token is valid for. once the token expires, use the Refresh Token to request a new Access Token
POST /sprocket/auth/oauth2/refresh HTTP/1.1
Host: rest.rallybound.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=7Naj7aZfSQvEzUa2MvezDk53
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": "AwQzZqZsPxPyfUKpZzpBJQUjBLetdXUrWMmKMFtETxC2yaEcvx3We4w_Upe8zqfv4B5zQeqHg",
  "token_type": "Bearer",
  "expires_in": 1800
}
POST /sprocket/auth/oauth2/refresh HTTP/1.1
Host: rest.rallybound.com
Accept: application/xml
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=7Naj7aZfSQvEzUa2MvezDk53
HTTP/1.1 200 OK
Content-Type: application/xml;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

<response>
  <access_token>AwQzZqZsPxPyfUKpZzpBJQUjBLetdXUrWMmKMFtETxC2yaEcvx3We4w_Upe8zqfv4B5zQeqHg</Key1>
  <token_type>Bearer</Key1>
  <expires_in>1800</Key1>
<response>

Token Expiry

By default, Refresh Token expire 1 year after it was issued.




v1 Objects

RallyBound Objects are the RallyBound objects (eg Users, Teams etc) which can be accessed via the Sprocket API.
API responses will contain the requested, edited or created object(s).

Campaign

Fields:

Field Name Field Type Notes
Id int
Name string
Description string
Date long unix timestamp
Url string
Campaign_Type int A number indicating what the Campaign type is
Fundraising_Goal Fundraising_Goal Some Fundraising_Goal fields are not applicable for the Campaign
Organization Organization
Series_Id int
Fundraiser_Leaders Array of User The length of the array is based on "leader_count" passed in as a query string parameter (defaults to 0). The Users' Fundraising_Goal will not populate the Displayed_Donation_Infos
Team_Leaders Array of Team The length of the array is based on "leader_count" passed in as a query string parameter (defaults to 0). The Teams' Fundraising_Goal will not populate the Displayed_Donation_Infos

Series

Campaigns can be grouped into a Series. RallyBound Fundraising Platforms are each an instance of a Series.

Fields:

Field Name Field Type Notes
Id int
Name string
Url string
Fundraising_Goal Fundraising_Goal Some Fundraising_Goal fields are not applicable for the Series
Fundraiser_Leaders Array of User The length of the array is based on "leader_count" passed in as a query string parameter (defaults to 0). The Users' Fundraising_Goal will not populate the Displayed_Donation_Infos
Team_Leaders Array of Team The length of the array is based on "leader_count" passed in as a query string parameter (defaults to 0). The Teams' Fundraising_Goal will not populate the Displayed_Donation_Infos

Organization

Fields:

Field Name Field Type Notes
Id int
Name string
Tax_ID string
Website string
Address_Line_1 string
Address_Line_2 string

User

Fields:

Field Name Field Type Notes
Id int
Email string
First_Name string
Last_Name string
Profile_Image string Url
Is_Fundraiser boolean
Team_Id int null indicates that the User is not on a Team
Campaign_Id int
Fundraising_Goal Fundraising_Goal
Address Address
External_Completed_1 boolean Currently only used for CharityDynamics Boundless Fundraising™ Mobile App
External_Completed_2 boolean Currently only used for CharityDynamics Boundless Fundraising™ Facebook App

Team

Fields:

Field Name Field Type Notes
Id int
Name string
Profile_Image string Url
Captains Array of User
User_Ids Array of int
Campaign_Id int
Fundraising_Goal Fundraising_Goal

Fundraising_Goal

Fields:

Field Name Field Type Notes
Id int
Campaign_Name string
Fundraising_Page string Url
Fundraising_Page_Header string
Fundraising_Page_Html string
Goal_Amount decimal
Amount_Raised decimal
Amount_To_Goal decimal
Direct_Donate string
Displayed_Donation_Infos Array of Displayed_Donation_Info Not populated when returning leader list

Donation

Fields:

Field Name Field Type Notes
Id int
Date long unix timestamp
Amount decimal
Donor_Name string
Donor_Email string Admin can restrict access to users
Donor_Address Address Admin can restrict access to users
Message string
Is_Pending boolean

Address

Fields:

Field Name Field Type Notes
Id int
Address_1 string
Address_2 string
City string
State string
Zip string
Country string Iso3166Code

Displayed_Donation_Info

Displayed_Donation_Info is not a Donation object. Rather, this is the publicly displayed portion of a Donation and is therefore available via API without AccessToken authorization

Fields:

Field Name Field Type Notes
Id int
Date long unix timestamp
Amount decimal null indicates anonymous
Donor_Name string null indicates anonymous
Message string



Sprocket v2

base url: /sprocket/v2
api version: 2.1

features include: pagination, filtering and sorting.

v2 is still being expanded; updates posted regularly.