Introduction
The Voyage CDP REST API is a per-brand-scoped HTTP API over the Voyage Customer Data Platform. It lets a brand read its own customer profiles, event history, sessions, and segments, manage its API keys, and ingest storefront events from the browser pixel.
Base URL
Section titled “Base URL”https://cdp.vyg.appAll endpoints are rooted under /cdp. The custom domain is bound in production; other
stages use the default API Gateway execute-api URL.
What you can do
Section titled “What you can do”| Area | Endpoints |
|---|---|
| Profiles | GET /cdp/profiles, GET /cdp/profiles/{id}, GET /cdp/profiles/{id}/events, GET /cdp/profiles/{id}/sessions |
| API keys | POST /cdp/keys, GET /cdp/keys, POST /cdp/keys/rotate, POST /cdp/keys/revoke, DELETE /cdp/keys |
| Segments | POST /cdp/segments, GET /cdp/segments, GET /cdp/segments/{id}/members |
| Ingest | POST /cdp/ingest |
Core ideas
Section titled “Core ideas”- Tenant isolation is the contract. Every read is bound to the caller’s brand shop scope. A key for shop A can never read shop B’s data. See Tenant Isolation & Scope.
- Two credential classes. Data reads use a
vyg_API key (Bearer). Key management (issue / rotate / revoke / list) requires a session credential — an API key cannot manage keys. See Authentication. - Bounded reads. The CDP runs on one shared Unomi/OpenSearch cluster across every brand, so page sizes are capped and deep offsets are rejected in favour of an opaque, scope-bound cursor. See Pagination.
- Credential-free ingest. The storefront pixel posts events with no credential; the server injects the upstream Unomi credential. See Ingest.
Provenance
Section titled “Provenance”Every profile carries a required provenance label — server, pixel, or merged — so
a consumer never mistakes a probabilistic identity collapse (merged) for one
deterministically resolved human (server). The customers bucket returns
deterministically-resolved identities (a merged master can appear, but is clearly
labelled); the anonymous bucket returns pixel-only profiles.