Process

To initiate the certification process, a build (app or web) should be submitted to the Thanx Developer Support team (developer.support@thanx.com). Once a build is submitted for certification, feedback will be delivered within two weeks. If no critical feedback is provided, the build will be certified and production API credentials will be issued. If critical feedback is provided, integration partners should address the feedback and resubmit a new certification candidate build, after which the two-week cycle will begin again.

  • User must agree to the Thanx Privacy Policy and Terms of Service when creating a loyalty account. The language should read

    By signing up you agree to our  privacy policy and our  terms of service

  • User must be able to navigate to the Thanx Privacy Policy and Terms of service from both App and Web experiences when logged in (may also be mentioned in another document that’s readily available in the app, e.g. the brand’s Terms)
  • Any screen where the user is enrolling their credit card for loyalty tracking must have the correct legal text (see enrollment best practices)
    • There must be 2 buttons
      • One button must include “Register card”
      • The other allow to skip enrolling the card
    • Legal content should be visible at all times
    • Links must be visible and clickable

General

  • API requests must include all required headers
  • API requests must not be unnecessarily duplicated
  • API requests should only be issued on a reasonable frequency and in response to end-user interactions (e.g. rapidly polling API for changes)

Account Creation & Authentication

  • Thanx must be the only authentication provider available for users
    • Thanx tools do not work when other authentication mechanisms are in place (eg. Google SSO, email/password)
  • User can create account via the create user endpoint
  • User can authenticate via passwordless email following Thanx SSO guidelines

Account Management

Card Management

  • SDK-based enrollment
    • This enrollment mechanism is now deprecated and will be retired on January 31st, 2024. The API-based enrollment mechanism should be used going forward.
    • API request should include properly formed encrypted_pan for all supported card types (visa, mastercard, american express)
    • Card signature should be fetched with each card enrollment
      • e.g. card signatures must not be cached
  • API-based enrollment

Purchases

Reward Redemption

  • User can view available rewards
  • User can activate and finalize a reward
  • Reward type support
    • Only in-use reward types need to be supported
    • manual - redemption conducted manually (e.g. in-store, showing server/cashier)
    • automatic - cash-back pushed directly to a user’s credit card once a qualifying purchase is made
  • Supported coupon code formats:
    • Only in-use coupon code types need to be supported
    • raw
    • qrcode
    • barcode39
    • barcode39extended
    • barcode93
    • barcode128
    • barcode_upc_a
    • barcode_ean_8
    • barcode_ean_13
    • barcode25interleaved

Expression of Loyalty

Push Notifications (Mobile Only)

  • For custom app builds, push notification certificates (Apple APNS and Google FCM) must be provided to Thanx developer support
  • User can register for push notifications

Feedback (Optional)

  • This functionality is optional and will only be validated if implemented
  • User can get feedback prompts (created post purchase creation)
  • User can submit feedback (rating and review)

Receipt Submission (Optional)

  • This functionality is optional and will only be validated if implemented
  • User can view pending receipts
  • User can upload and submit a receipt