The ROCS API allows you to sync your database with ROCS database for better customer, list and campaign management. Create customer portals, add a subscribe form to your customer profile page, link campaign stats to your database, sync communication activity with your database, and moreā€¦

  • OAuth2 handles usernames and passwords so you don't have to.
  • Standard customer api makes it easy to get and update core customer data
  • Dynamic customer api makes it easy to get and update customized customer data
  • Webhooks allow you to collect information in real time. Provide a URL, decide when and where you want that URL to receive data about supported events, and we'll send over the data as things happen.

Getting started

  1. Contact your Key Account Manager to set up an client application for OAuth2 authentication. We will send you all necessary details to start using the API
  2. Make sure you read through all documentation. Start with understanding the OAuth2 flow, check out the API details and samples
  3. Start developing...


We use the OAuth 2 protocol (client credentials grant flow) to allow websites or applications to request authorization to a ROCS API account without requiring the account username and password. The OAuth 2.0 Client Credentials Grant Flow permits a web service (a confidential client) to use its own credentials to authenticate when calling another web service, instead of impersonating a user. In this scenario, the client is typically a middle-tier web service, a daemon service, or web site.

The following diagram explains how the Client Credentials Grant flow works in Azure AD.

Client Credentials Grant flow
  1. The client application authenticates to the Azure AD token issuance endpoint and requests an access token.
  2. The Azure AD token issuance endpoint issues the access token.
  3. The access token is used to authenticate to the secured resource.
  4. Data from the secured resource is returned to the web application.

Have a look at The Azure AD authentication Library (ADAL) to find a library for your environment

Response status codes

The responses returned by the API are accompanied by meaningful HTTP status codes which represent the status of the request.

  • GET requests will return a "200 OK" response if the resource is successfully retrieved.
  • POST requests which create a resource we will return a "200 OK" and the created resource response if successful.
  • POST requests which perform some other action such as executing will return a "200 OK" response if successful.
  • PUT requests will return a "200 OK" and the updated resource response if the resource is successfully updated.
  • DELETE requests will return a "200 OK" response if the resource is successfully deleted.


  • General errors will return a "500 - Internal Server Error" response.
  • Authentications errors will return a "401 - Unauthorized" response.