Skip to content

Web API v2

The Voyado Elevate 3 Web API v2 makes it easy to integrate Elevate into a site by enabling both client and server side integration. It consists of two main components:

The Web API also includes methods for GDPR data management for Voyado Elevate 3 data.

Web API availability

The Voyado Elevate 3 Web API v2 is only available for Vodayo Elevate Cloud customers.

What's new

The Elevate 3 Enterprise Web API v2 has been designed to reduce integration time even more than the previous version and also added new features. The main changes are:

  • Removal of overcomplicated security mechanisms in favour of simpler ones
  • Easier and cleaner query result
  • Stronger validation in notifications and panel queries
  • Exports are now supported

Furthermore v2 comes with a reworked JavaScript library. The major improvements are:

  • Promise-based instead of callback-based implementation
  • More client-side validation of required parameters
  • Better structure and more encapsulation

For more information about breaking changes in Web API v2 and how to upgrade from v1, see upgrading to Web API v2.

Getting started

Supported browsers

The Web API v2 is built to support major browsers such as Mozilla Firefox, Google Chrome, Safari, and Microsoft Internet Explorer (10 and newer).


Voyado Elevate Cloud environment configuration is a part of the customer onboarding process. This configuration is performed by Voyado, but for it to be completed some information regarding origin host settings and selected client side payment strategy are needed from the customer. The customer must also verify that the connection requirements are met when using the RESTful API.

With this provided to Voyado the initial set-up for the Web API will be performed, and the following information is returned to the customer.

  • A private key / Api-Key - used when importing/exporting data and sending payment notification
  • Cluster ID - used when requesting data from the Vodado Elevate Cloud
  • Voyado Elevate apps and Manager access rights

The private key and cluster ID are also available in Credentials tab of the Integration app. When the cloud configuration is completed, customers can contact Voyado Support if there are any questions about the current security settings used for their Elevate cluster, or if the security settings must be changed.

Origin host

The origin host is part of the security settings for a cluster. It specifies what domain Ajax requests to the cluster are allowed to originate from.

Default configuration allows Ajax requests originating from all origins but a restricted access to the Web API is recommended. The following information is needed from the customer to configure the origin host correctly:

  • Protocols (HTTP/HTTPS)
  • Domains (subdomains)
  • Ports (80, 443)

Client side payments

Client side payment strategy is part of the security settings for a cluster. There are three different strategies for handling payment notifications with the Elevate Web API.

  • Do not allow payment notifications - Default strategy. Should be used when payment notifications are always sent server side.
  • Allow limited payments - Ignore suspicious payments e.g. payment notification that seem to be machine generated.
  • Allow all payment notifications - Most useful at an early stage of the integration.

Connection requirements

JavaScript library

The JavaScript library exposes methods to fetch panels and notify events such as clicks, adding to carts, etc. It communicates via Ajax requests with an Elevate server in the Voyado Elevate Cloud that has the Web API enabled.

For more details of the JavaScript library, see the JavaScript library documentation pages.


The RESTful API handles the communication with the Voyado Elevate Cluster. Load balancing and fail-over are both handled automatically.

For more details of the RESTful API, see the RESTful API documentation pages.

Sessions and notifications

Sessions and notifications are used to keep track of information about visitor interaction that is sent to Elevate via the Web API. The information is used to enable personalisation and to improve recommendations and more.

For more details about Notifications, see the Sessions and notifications page.

Recommendations and best practice

  • Always instantiate an api object as a variable with a URL to a cluster and market that exists.
  • A general rule of thumb is to never cache Elevate generated results. Static data such as descriptions and images can be cached.
  • When notifying payments, the recommended notification method to use is Secure payment notification.

This online publication is intellectual property of Voyado Lund AB. Its contents can be duplicated in part or whole, provided that a copyright label is visibly located on each copy and the copy is used in conjunction with the product described within this document.

All information found in these documents has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Voyado Lund AB nor the authors shall be held liable for possible errors or the consequences thereof.

Software and hardware descriptions cited in these documents might be registered trademarks. All trade names are subject to copyright restrictions and may be registered trademarks. Voyado Lund AB essentially adheres to the manufacturer’s spelling. Names of products and trademarks appearing in this document, with or without specific notation, are likewise subject to trademark and trade protection laws and may thus fall under copyright restrictions.