Go To Top

How to use Private API

A guide how to authenticate and use “private” Trustpilot APIs.

top_findbusinessunitid.jpg

Introduction

The private Trustpilot API provides access to your private data, and allows to perform actions that are not exposed publicly. “Private” API requires a valid access_token to be provided with each request.

access_token is issued during successful authentication steps.

The following diagram illustrates private API usage process

Diagram steps description:

  1. Authentication via API - the 3rd party client authenticates. Upon successful authentication access_token and refresh_token is provided.
  2. Request a private resources - the 3rd party client calls private Trustpilot APIs with each request providing valid access_token.

Note:

The API request in the screenshot was made using the API client application Postman.

While the API examples provided are valid, they contain sample data and {{placeholders}}. Remember to fill in the correct values for the placeholders.

We recommend that you follow and read the documentation (links) in this guide to get a better understanding of API endpoints and how they work.

Authentication

There are two options available for obtaining access token via API:

Both authentication methods comply with OAuth 2.0 standard. Upon successful authentication access_token and refresh_token are provided in the response. 

In the following example we will use Password grant type

Note:

  • It is recommended to authenticate only when needed and reuse the access_token when requesting “private” Trustpilot APIs. Too frequent authentication requests will be rejected with HTTP error code: 429. 
  • Once the access_token has expired an HTTP error code: 401 will be returned. It is recommended to use the refresh_token to exchange it to new access_token and refresh_token.

Calling the API endpoint

In this example we will be using the “Business unit private reviews” endpoint, which takes a business unit ID parameter in request path.

curl -X GET \

  'https://api.trustpilot.com/v1/private/business-units/{businessUnitId}/reviews' \

  -H 'Authorization: Bearer {access_token}' \

Try it yourself, just remember to replace the correct access_token value.

The result: