REST API — Overview & Quick Start

The Personyze REST API is how third-party applications read and modify data in your account: customer profiles, product and article catalogs, placeholders, actions, audience lists, daily reporting summaries — all the same data the Personyze GUI works with. It uses standard HTTPS, accepts and returns JSON, and supports the four standard verbs (GET, POST, PUT, DELETE).

This page is the starting point. For the full setup walkthrough, see Authentication. For the path-parameter syntax (the where/columns/order_by/limit pattern that runs through every endpoint), see Path Parameters. For per-object column lists and method support, see Objects Reference.

Quick start

Fetch the user with internal ID 42:

curl 'https://api:YOUR_API_KEY@app.personyze.com/rest/users/where/internal_id=42'

That’s the whole shape of every request:

https://api:<API_KEY>@app.personyze.com/rest/<object>[/<modifier>/<value>...]

• HTTPS only. Plain HTTP gets 401 Unauthorized — even for localhost proxies.
• HTTP Basic auth with username api and your API key as the password (or pass it inline as in the curl example above).
• All path arguments are URL-decoded before parsing — column values containing /, =, &, or % must be percent-encoded.

HTTP methods

POST and PUT bodies use Content-Type: application/json. application/x-www-form-urlencoded is accepted as a fallback for legacy clients but JSON is preferred.

Response codes

Conventions across endpoints

id vs internal_id

Most objects expose two identifiers:

• id — the Personyze internal numeric primary key, auto-assigned on insert. Stable forever, but only meaningful within Personyze.
• internal_id — the external identifier you supply (your e-commerce SKU, your CRM user ID, etc.). Exposed for objects where mapping to an external system matters: users, products, articles.

For most integration code you’ll want to use internal_id — that way the same code keeps working even if the same data is re-imported into Personyze with new ids.

Indexed columns required on large tables

Endpoints that wrap large tables (users, events, sessions_archive, summary_actions, etc.) reject full-table scans. You must include either a where clause or an order_by on an indexed column. Error messages list the indexed columns/composites available — see Path Parameters → Indexed-column requirement for the full rules.

Composite indexes

Composite indexes appear in error messages as [col1, col2, col3]. Only the leading column of a composite is usable as a single-column filter. The other columns become useful only when combined with the leading column.

API keys are per-account

Every Personyze account you have access to has its own API key — they’re not interchangeable. Switching accounts means switching keys.

Limits & pagination

• 1,000-row maximum per request. Use limit/<count> or limit/<offset>,<count> to control page size.
• Cursor pagination preferred over deep offsets. Walking the indexed order_by column with cursor-style where conditions is much faster than deep offset values, which re-read all skipped rows.

Dive deeper

Related guides

• Setup by Site Type — Tracking, Feeds & Integrations — pick your starting point based on your site type.
• JavaScript Action Guide — for writing custom Personyze actions that run in the browser.
• Accessing Campaign Data Client-Side — read campaign IDs and variables from JavaScript on the page.