Exchange a Carrefour Gigya bearer for a session

PUBLIC

Verifies a Carrefour-issued Gigya JWT and mints a Cognito session for the user. Designed for the iframe handoff: the front-end picks up the bearer via Gigya postMessage and posts it here directly.

The Gigya bearer's signature is verified against the issuer's public key, which is fetched and cached per apiKey and kid. Tokens signed by issuers not on the allow-list are rejected before any provider call.

The active campaign comes from the x-campaign-id header — the Gigya bearer is identity proof, not campaign proof. The accountuid and loyalty_card (BONUS) Gigya claims are projected into the session JWT's integrator_params so downstream Maxxing flows can skip re-decoding the bearer.
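The verification order described above, as an added example that is not this API's own code: the issuer allow-list is checked before any key fetch, keys are cached per (apiKey, kid), and the RS256 signature is checked with the standard library only. The issuer URL shape, the apiKey value, the `fetch_key` callback and the class name are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumptions (constructed for this example): issuer URL shape, apiKey value, fetch_key callback.
ALLOWED_ISSUERS = {"https://issuer.example/jwt/EXAMPLE_API_KEY/"}
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _b64url(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

class BearerVerifier:
    def __init__(self, fetch_key):
        self.fetch_key = fetch_key  # hypothetical provider call: (api_key, kid) -> RSA (n, e)
        self.cache = {}             # public keys cached per (apiKey, kid)
        self.fetches = 0            # counts provider calls, for the demonstration

    def _public_key(self, api_key, kid):
        if (api_key, kid) not in self.cache:
            self.fetches += 1
            self.cache[(api_key, kid)] = self.fetch_key(api_key, kid)
        return self.cache[(api_key, kid)]

    def verify(self, bearer):
        """Return the claims of a valid RS256 bearer, else raise ValueError."""
        try:
            h64, p64, s64 = bearer.split(".")
            header, claims = json.loads(_b64url(h64)), json.loads(_b64url(p64))
            sig = _b64url(s64)
        except (ValueError, AttributeError):
            raise ValueError("malformed bearer") from None
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("malformed bearer")
        if header.get("alg") != "RS256":  # pin the algorithm; never trust the header's choice
            raise ValueError("unexpected alg")
        iss, kid = claims.get("iss"), header.get("kid")
        # Allow-list check happens before any key fetch, so unknown issuers cost no provider call.
        if not isinstance(iss, str) or iss not in ALLOWED_ISSUERS or not isinstance(kid, str):
            raise ValueError("issuer not allow-listed or kid missing")
        n, e = self._public_key(iss.rstrip("/").rsplit("/", 1)[-1], kid)
        k = (n.bit_length() + 7) // 8
        digest = hashlib.sha256(f"{h64}.{p64}".encode()).digest()
        pad = b"\xff" * (k - 3 - len(SHA256_DIGESTINFO) - len(digest))
        expected = b"\x00\x01" + pad + b"\x00" + SHA256_DIGESTINFO + digest
        if len(sig) != k or int.from_bytes(sig, "big") >= n:
            raise ValueError("bad signature")
        actual = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
        if not hmac.compare_digest(actual, expected):  # RSASSA-PKCS1-v1_5, encode-then-compare
            raise ValueError("bad signature")
        return claims
```

Expiry and audience checks are left out of this example to keep the focus on the allow-list ordering and the key cache.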

Body Params

Exchanges a Carrefour Gigya-issued JWT bearer for a Cognito session. The bearer's signature is verified against Gigya's public key for the issuing apiKey before any session is minted; rejected tokens never provision a user. Designed for the iframe handoff where the front-end picks up the bearer via Gigya postMessage and POSTs it directly — Carrefour does not call our integrator-side POST /session endpoint server-side in this flow.

string
required
length ≥ 1

Gigya JWT bearer (header.body.signature) issued for the user.

Headers
uuid
required

Campaign scope for this request. Filters content to the specified campaign.

string

RFC 7231 language preference. The best match against supported locales (nl-NL, en-GB, de-DE) is selected. Defaults to nl-NL when omitted.

string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

application/json
application/problem+json