Skip to main content

Profile Command API


The Profile Command API allows an organization to Opt Out on behalf of its users.

  • Removes the historical profile data from the user profile service.
  • Future profile data will not be added to the user profile service.
  • The client should continue to pass the same userid for the user. If they create a new userid then we will treat them as a new user. 
  • Once opted out, the user cannot be opted back in and the user's profile will be removed from the Personalization cloud.

Authentication to Algonomy Gateway 

The authentication to the Algonomy API gateway is facilitated using Oath2.0- grant-type client credentials.

Note: Contact your Algonomy Customer Support Team to request a client_id and client_secret for your exclusive use.

Algonomy will create client_id and client_secret for each site (configured for each customer) and will share them in the requested method.

The client_id and client_secret key are required to obtain bearer tokens for accessing the Profile Command API service. Bearer tokens have a system-defined time-to-live (TTL) validity period. Once TTL is reached, customer systems need to request a new bearer token with the provided client_id & client_secret.

Note: The bearer token Time to Live (TTL) for the Profile Command API service is set at 8 hours, equivalent to 28,800 seconds. To ensure uninterrupted service utilization without encountering authorization failures, requesting a new bearer token every 8 hours is recommended.

Creating Tokens 





Note: You need to create different tokens for each environment. For example, tokens created for the QA environment can be used only in the QA environment. You cannot use it in the production environment.

To create tokens, use the request syntax below:

POST https://<host>/profile-command/v1/oauth2/token?grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>

Note: Replace client_id and client_secret with the corresponding values provided to you by the Algonomy consultant.

Sample Request 

To obtain a token for the profile command API in the QA environment.

In this example, the client_id is5934de97c95e1ced and the client_secret is 2l9dr0jkink11ad49hg93it52d.Each customer will have a unique client_id and client_secret.


Sample Response 

"token_type": "bearer"  
"access_token": "M6w0M0K9QbQGHC8xgvb91ZgLMKaW4xOd",
"expires_in": 28800      

Note: The "expires_in" value returned in the OAuth token response indicates the duration of the bearer token's validity in seconds. This directly corresponds to the token's Time to Live (TTL). For example, if "expires_in" is set to 28,800 seconds, the token remains valid for exactly 28,800 seconds, which is 8 hours. After 8 hours, the token will expire, and a new token must be requested to continue accessing the API. 

Example with cURL:

curl -X POST -d "grant_type=client_credentials" -d "client_id=5934de97c95e1ced" -d "client_secret=2l9dr0jkink11ad49hg93it52d"

Error Response: 

"error_description": "Invalid client authentication",
"error": "invalid_client"


"error_description": "Invalid grant_type",
"error": "unsupported_grant_type"

Requests to Algonomy Gateway Require the Bearer Token  

For every Profile Command API call, the bearer token value obtained in the Creating Tokens step should be included as part of the Authorization header.

'Authorization:Bearer <tokenValue>'  

Example: To optOut from personalization and delete the profile associated with a specific user ID, use the below API request.

'Authorization:Bearer M6w0M0K9QbQGHC8xgvb91ZgLMKaW4xOd’

Example with cURL:

curl -H 'Authorization:Bearer <tokenValue>'<apiKey>/optOut/userId

Updating Opt Out

PUT https://<host>/profile-command/v1/<apiKey>/optOut/<userId>    

PUT: Enable the opt-out of a user with the given ID.

Name Required or Optional Description
userId Required (string) A path parameter that specifies the user ID on whose behalf the data is being sent.

Profile Command - API Body

Element Data Type Required or Optional Description Values


Required "optOut" is the only value currently available. In the future other types of data will be able to be sent.




Required Boolean value: true or false. "true" will opt the user out.




Substitute the userId in its placeholder and the access_token received from the OAuth request in the "token" placeholder.

curl -X PUT \<apikey>/optOut/{userId} \
  -H 'Authorization: Bearer {token}' \
  -H 'Content-Type: application/json' \
  -d '{
"type": "optOut",
"enableOptOut": true

Good Response:


Error Response:

"error_description": "The access token is invalid or has expired",
"error": "invalid_token"

Throttling of API requests 

Profile-Command API requests are subject to rate limiting as described below. 

The API will respond with HTTP 429 Too Many Requests if the system receives requests above the specified throughput.

API Limits 


Request Types

Payload limit





API will accept up to 100 user ID updates per second.


  • Was this article helpful?