Rollick Lens API Integration


This API allows for displaying the Rollick Lens view within a dealer's CRM provider account for a particular prospect. 


An authenticate header must be included in all API calls to authorize the caller.  The authenticate header uses a public and private key along with some other unique values to authenticate at a system level. The authenticate header does not secure the message content so the use of transport layer security (SSL) is strictly enforced.

Authentication Header Format:

Below is the format of the Authenticate header that shows the various parameters within the signature.

Authenticate: Bearer timestamp="{timestamp}",nonce="{nonce}",signature="{signature}",publickey=”{publicKey}” 

Authentication Header Parameters:

  1. timestamp (int): Number of seconds passed since January 1, 1970 UTC. 
  2. nonce (string): Randomly generated string with length 50. 
  3. signature (string): String with hexadecimal digits generated by the HMAC algorithm. 
  4. publicKey (string): String provided by Rollick for the purposes of authentication.

To Generate an Authentication Header:

  1. Generate a nonce as a randomly generated string with a length of exactly 50. Requests with the same nonce in the same hour will be rejected so this needs to be unique.
  2. Concatenate the timestamp, nonce, and provided publicKey values. 
  3. Create the signature by encoding the concatenated result using the HMAC algorithm using the privateKey supplied by Rollick as the key and SHA256 digest. 
  4. Fill in the values for timestamp, nonce, signature, and publicKey in the Authenticate header.

Example Authenticate Header:

Authenticate: Bearer timestamp="1621635868",nonce="jH241XBpjCQONmbKkxRbVqo5QdlBoFAMbDCZY6IirOW1tlctEq",signature="18186378620e531fc07223d6dc107eb370907964a0b2a5deb22e6f98012cd279",publickey="A776DBCF-0641-4DE7-92DC-17F31F3FEA3E"

Lens API

The Lens API is a JSON POST API that receives a SourceProspectId and DealerNumber and returns a URL that the user can be redirected to in order to view the Lens page for the specified Lead. The API sets up a Single Sign On session to the appropriate Aimbase instance and the authentication details are included in the URL returned by the API.  The URL is only good for the active session and is subject to expiration.  The call to retrieve the Lens URL should be done once the button is clicked in the source system.  Generating on page load is not recommended as the link may expire before the user tries to access Lens.

Lens API End Pointhttps://crmintegration/api/Lens?provider={provider}

Lens API Parameters:

baseAddress (string): The host part of a URL that the API is located at. This will be different for testing and production environments. This will be provided by Rollick.

provider (string): A string value that identifies the inbound source system of the API call. This will be provided by Rollick.

sourceProspectId (string): A prospect identifier sent to the source system of the API call with each lead. This value is sent to the source system as part of the separate Lead integration and should be stored with the Lead record so that it can be used to send disposition updates in a separate integration or to retrieve a Lens view URL via this integration.

dealerNumber (string): The unique identifier of a dealership(s) in the source system. This should be the dealership(s) of the lead and of the user that is attempting to see the Lens view for the lead. 

Example Request:

POST https://{baseAddress}/api/Lens?provider={provider} 
Content-Type: application/json
Authenticate: Bearer timestamp="{timestamp}",nonce="{nonce}",signature="{signature}",publickey="{publicKey}"
    "SourceProspectId": "aimbase_traversebikes-12345",
    "DealerNumber": "ABC123"

Example Response:

    "Url": ""