Technology Partners
Are you in the right place?
If you're a business user, or are building a custom integration for one business user and not available publicly, please refer to the overview of our Customer API.
If you're a technology company looking to build a public integration available in our integration directory, you're in the right place. |
Introduction
Welcome to the documentation for integrations built by Trustpilot partners, which enable business users to collect, showcase, manage, and learn from reviews with our partners’ solutions. This section includes the technical details you’ll need to create and implement a partner integration, as well as the details of our Trusted Integration Program, including the application process, the requirements to be accepted, and guidance on how to become a top-tier integration partner. Check our integration directory for inspiration from other partners.
With any issues or feedback, please reach out to your Partner Manager or tech_partnerships@trustpilot.com. |
Building an Integration
To begin building and implementing an integration, you’ll first need to be approved to create a Trustpilot partner integration by applying here (learn more in the next section on our Trusted Integration Program). Then, you’ll receive your Partner API Keys, and can follow the below instructions to start building.
1. Get your partner credentials from Trustpilot
Once approved, your Partner Manager will:
- Send over your Partner API keys and your Partner ID
- Ask you for an email address that you’d like to use as your Trustpilot business user login. You’ll need this Trustpilot business user in order to complete Step 2 below.
- Ask you to provide any Redirect URIs so that we can allowlist them for your OAuth2.0 workflow in Step 6. For whitelisting, you can simply provide us a base domain or subdomain — it doesn’t need to be the full path URI.
2. Generate an access token using your partner credentials
To generate a partner access token, you can follow the Grant Type: Password steps in our documentation here: Authentication - Trustpilot API Documentation
This will allow you to create an access token for Steps 4-5. The access token lasts for 100 hours, and after that time is up, you can simply generate a new one or refresh your token as outlined in the documentation above.
Below is an example of generating an access token with Grant Type: Password using Postman:
Note: Please make sure that you do not have 2-step verification enabled for your business user, otherwise you won’t be able to generate an access token this way. To disable 2-step verification, please follow the guide here. |
3. Prompt customer for their domain to get their Business Unit ID (BUID)
Now that you have your partner access token, you can prompt the customer for their domain to check that they’re eligible to use partner-built integrations (Step 4) and to generate API keys for that customer (Step 5). Once you have their domain, use our Find a business unit API endpoint to get their BUID.
The required parameter here is the “name”, ie. the website’s domain. As a quick example, if you wanted to look up the BUID of Trustpilot’s demo site trustpilotdemo.com, you’d pass along the string “trustpilotdemo.com”.
Try it yourself, just remember to replace the API key with your own partner API key.
https://api.trustpilot.com/v1/business-units/find?apikey={{apikey}}&name=trustpilotdemo.com
Example response:
Once you get the response back you want the “id” field. This is the BUID for the domain you just searched.
4. Check the BUID’s permissions and eligibility
Customers need to have partner permissions enabled in their Trustpilot Business app. Prompt the customer to toggle this on, if it’s disabled here: https://businessapp.b2b.trustpilot.com/account/permissions
Note: Be aware that the customer will need to have an Admin role in their Trustpilot account to update their permissions! |
Using your partner ID (Step 1), your partner access token (Step 2), and the customer’s BUID (Step 3), you can now check if this customer is eligible to use partner-built integrations:
HTTP Method: GET
URL: https://api.trustpilot.com/v1/private/partners/{partnerId}/check/{businessUnitId}
Parameters:
Parameter |
Description |
Type |
Required |
Example |
partnerId |
The ID of partner integration |
string |
Yes |
cd94b09c-8f89-11ea-bc55-0242ac130003 |
businessUnitId |
The ID of business unit |
string |
Yes |
507f191e810c19729de860ea |
Responses
Response code |
Description |
200 |
Customer do not have rights to use this integration |
201 |
Customer has sufficient right to use partner integration |
403 |
Incorrect authentication for Business Unit |
5. Create API keys for the customer
If you have received a greenlight in the form of a 201 status code in Step 4 and the customer has enabled partner permissions in their Trustpilot account, you can now generate API keys on behalf of the customer.
HTTP Method: POST
URL: https://api.trustpilot.com/v1/private/partners/{partnerId}/key/{businessUnitId}
Parameters:
Parameter |
Description |
Type |
Required |
Example |
partnerId |
The ID of partner integration |
string |
Yes |
cd94b09c-8f89-11ea-bc55-0242ac130003 |
businessUnitId |
The ID of business unit |
string |
Yes |
507f191e810c19729de860ea |
Responses
Response code |
Description |
200 |
Customer do not have rights to use this integration |
201 |
PartnerCustomerKey has been created |
403 |
Incorrect authentication for Business Unit |
404 |
Incorrect PartnerID |
6. Prompt customer to go through OAuth2.0
To generate a customer access token, you use the customer API keys generated in Step 5 and follow the Grant Type: Authorization Code steps in our documentation here: https://developers.trustpilot.com/authentication#auth-code
Using these steps, you’ll present companies with a Trustpilot login form based on the documentation above. Once they login, it will redirect to a URI of your choosing with the authorization code appended on — just make sure that you’ve provided us with this Redirect URI ahead of time (Step 1)!
Once you have the Authorization Code, you can generate the customer access token and store that on your side. This will allow you to make /private/ API calls on behalf of the customer — these calls will be labeled with Authentication: Business user OAuth Token in our documentation.
Keep in mind that the access token lasts for 100 hours, and after that time is up, you can refresh the token using the same guide above.
Note: You’ll also need to include your Partner ID (Step 1) as an HTTP header in any calls when using the customer API key or customer access token. |
7. Accepted Integration Use Cases
The below use cases for integrations are the most popular and deliver the most value to our users. We generally will accept any integration with one of these use cases into our Integration Partner Program. If you have ideas for an integration that meets a use case not listed here, please let us know! We’re always open to new ideas if they deliver real value to our mutual customers.
We’ve linked to documentation about the most commonly used endpoints below, but please explore the rest of this developer site for more.
Invite
Use the API to trigger a review invitation from a business to their customer in response to a certain event. This use case is common for ESPs and eCommerce platforms.
- Create invitation(s): This API endpoint triggers email invitation(s) to send from Trustpilot’s system. You can create both service review invitations and product review invitations using this endpoint. If you only want to create a service review invitation, you can omit the productReviewInvitation section.
- Generate service review invitation link: Generate a unique invitation link that can be sent to a consumer by email or website. Use the request parameter called redirectURI to take the user to a product review link after the user has left a service review.
- Create a product review invitation link: Given information about the consumer and the product(s) purchased, get a link that can be sent to the consumer to request reviews. Can be used alone or as a redirectURI for the link service review invitation link above
Showcase
Use the API to showcase real-time reviews and ratings on different platforms and channels. This use case is common for ESPs, personalization and conversion tools, and image/video generators.
- Get a business unit’s reviews: This method gets all the reviews written about the business unit and does not include private information.
- Get product reviews: This method allows you to get business unit product reviews for SKUs and / or productUrls.
Reply
Use the API to manage and reply to reviews from a third-party platform. This use case is common for helpdesks, reputation managers, and social aggregators.
- Reply to a review: By using the reviewId from the "Business unit private reviews" endpoint above, you can respond directly to reviews.
- Reply to a product review: Create a new comment for a product review.
Review Ingestion for Analysis
Use the API to ingest the reviews for use in analysis. This use case is common for reputation management and analytics services.
- Business unit private reviews:Once you have an access token for a specific business user, you'll be able to use that token on any private API call for any of the domains on their account.
With location reviews:
Get all Locations
https://api.trustpilot.com/v1/business-units/{{businessUnitId}}/locations?apikey={{apikey}}
Quick notes:
• Our Locations offering is relatively new, so not all businesses choose to set up locations on Trustpilot and will just collect on the brand level.
• If the business has locations, the API endpoint will list up to 200 locations. To paginate, you can use the 'page' parameter (eg. ?page=2, ?page=3, etc).
• If the business unit doesn't have any locations, the response will return an empty array.
Security and Audit Requirements
Before launch, you'll need to go through a security and audit meeting before it can be signed off. We want to ensure a smooth audit process for all our partners so we have the best possible launch for an integration. Ensure you meet these requirements to pass our audit.
- Prepare your demo: Every audit will require a demo of the integration from initial connection through to functionality showcasing; ensure you have a demo environment ready to go before your audit call.
- Customer Authentication: This is an important one; the customer authentication process will be checked thoroughly to ensure it meets our guidelines. Any deviation from the documentation could result in a failed audit. Please ensure you've followed our documentation and reach out to your Trustpilot partner manager or Tech lead if you have any questions.
- Error handling: It's important to showcase clear errors to users when they go through the installation phase of the integration.
With any issues or feedback, please reach out to your Partner Manager or tech_partnerships@trustpilot.com. |
Errors and Troubleshooting API calls
Error Code |
Error Meaning |
400 |
Malformed request. Please review the request you're making and ensure it's correctly formatted. |
401 |
Unauthorized. Lacked the valid authentication required for the request being made. This might also mean that they're using the wrong kind of authentication or that there's an error with the authentication. Please ensure the token has the relevant access to the BUID and the request matches the authentication required in the documentation |
403 |
Forbidden. You or the customer don't have access. This is typically due to admin rights. Check if the application is enabled and that the user has access to the domain + admin status. Display this message to the end user: “You need a paid Trustpilot plan to use this integration. Contact Trustpilot here to get access.” |
404 |
Incorrect PartnerID. |
415 |
Unsupported media type. Check that the documentation has been followed thoroughly. Typically a small issue (eg. headers) is causing the error. |
500 |
Server error. Try again in 5-15 minutes. |
501 |
Request not supported. |
Trusted Integration Program Details
Overview
The Trusted Integration Program rewards partners who build great integrations with marketing, technical, and partnership support. Partners accepted into the program will be featured on our Integrations Directory. By driving adoption of their integrations, partners will unlock higher tiers of support.
To be accepted to the entry level of the Integration Partner Program, integrations must meet a series of requirements.
Requirements
- The integration is built following the instructions in this article, including the use of oAuth authentication.
- The integration meets at least one of the accepted integration use cases.
- The integration has been tested by 5 beta users.
- Provide a test account with full access for Trustpilot’s product team.
- Provide support for end-users: publish thorough support documentation and provide contact information for customers who need integration support.
- Agree to our terms and sign our Master Partner Agreement.
Who can use the integration?
In general, partner-built integrations are available to users on a paid Trustpilot plan. Free users will not have access to the integration.
How to apply
- Fill out our application form to tell us about the integration and to request API credentials.
- Your request will be approved based on your proposed use case. Our accepted integration use cases are generally always approved, but we’ll review other ideas on a case by case basis.
- If approved, your Partner Manager will share our Master Partner Agreement for signature.
- Once signed, your Technical Partner Lead will supply your API credentials and will be available for questions and technical guidance.
- After completing your integration and meeting all requirements listed, demo the integration for your Technical Partner Lead for final technical approval.
Tips for getting your application approved
A well-defined and complementary use case: Please be as specific as possible when telling us about the description and value prop of your intended integration. You may have already shared your idea with someone else at Trustpilot, but our team will likely be reviewing it for the first time, so we need all the details you can give us.
We aim to launch partner solutions that complement and augment the Trustpilot service. We're unable to approve integrations that directly compete with our own product. Please familiarize yourself with the Trustpilot product before applying — our support center is a great place to start.
Region: We look for partners who operate in the same regions we do (North America, EMEA, APAC) to cut down friction around time zones and ensure we can provide support to mutual customers.
Account mapping: We prioritize integrations that will make a big impact on our existing customer base, so it's essential that we can map accounts (with Crossbeam, Reveal, or manually via Excel). Since partner integrations are only offered to businesses on a paid Trustpilot plan, so this exercise can also help determine if mutual users will have access. Our partnership tiers are designed around integration usage, so it's important that we are aware of the total addressable market and can set goals around integration adoption.
Established business with existing reputations: We're looking to partner with best in class established businesses who are able to provide our customers with a top tier experience. Applications with no website listed, a website that isn't launched yet, a personal email address, or with details missing, don't stand out as a good fit for our program. If you are just starting out, consider reapplying when your integration development process is tested and true.
Shared values mapping: Trust, transparency, and platform integrity are the pillars of our business. We cannot accept integrations that help businesses “cherry pick” their reviews, display misleading information around a business' performance on Trustpilot, or incentivize reviews. Learn more about our values here.
Sign our Master Partner Agreement: We can only share the Partner API once you've signed our Master Partner Agreement. Please review those terms as early as you are able to so as not to lose momentum between when your application is accepted and when you are able to receive your partner API credentials.
Once your application is submitted, our team will be in touch with you to let you know if your application is approved, rejected, or if we need additional information. Please note that due to the high volume of applications that we receive, we may not be able to provide detailed explanations of why a specific application is rejected. If your application is rejected we encourage you to review our accepted use cases and reapply with as much detail as possible.
Becoming a top-tier integration partner
Any partner who meets all requirements listed in this article can be accepted to our Integration Partner Program as an entry-level partner, which will allow your integration to be listed in our public directory. To become a mid-or top-tier partner, we have only one criteria: integration adoption. As more customers become active users of the integration, you’ll unlock new tiers of co-marketing, go-to-marketing, enablement, and commercial support. We have a few best practices that our top-tier integration partners are already following to increase adoption.
Account mapping
Almost all of our integrations are available to users on our paid Standard plan. We suggest that all new partners begin by mapping accounts with us so that we can identify joint customers who already have access to the integration. We highly recommend using either Crossbeam or Reveal to do so in a secure and easy way. If you do not use either of these services, we can also do a manual account-mapping exercise.
Targeted communication
After completing this exercise, you’ll have a list of all customers who have access to this integration. Use it to segment communication to them and encourage adoption in a targeted way.
- Train your customer-facing representatives on the new integration so that they can share it with customers when relevant.
- Announce the integration to current joint customers across channels. At a minimum, we recommend email, in-app messaging, and CSM outreach.
- Add the integration to the user journey so future customers can find it. We recommend including it in CSM onboarding calls, in automated onboarding emails, and in your user dashboard.
Though social media posts, newsletters, and press releases can drive awareness and adoption (and we definitely encourage these as well!), we’ve seen that the above steps will have the biggest impact on adoption.
With any issues or feedback, please reach out to your Partner Manager or tech_partnerships@trustpilot.com. |
FAQ
I'm trying to develop an integration for a specific customer(s) or have already built an integration using a customer's API keys. Does this count?
You're welcome to develop an integration for customers using our public and customer API, but this will be an agreement between you and the customer without the involvement of the Trustpilot partner team. Your integration won't be part of our program and will not be listed on our public directory. Think of it as more of a custom solution for a specific client(s). Integrations must be built on the Partner API to be part of the program.
Do we have to use the partner_ID when creating an integration?
Yes, this is important for tracking visibility and customer control to enable/disable the integration as they wish.
For your integration to receive approval, you need to ensure your partner_ID is being used when making calls to Trustpilot's API. At the point of authorizing users for the integration, keys must be created on a per user basis every time they connect.
How can we find (business Unit ID) BUID?
You can find BUIDs via our Business Units API. Take a look at searching for a business unit here. Remember, even if you have the correct BUID, the user needs the relevant access to the account in order to call private endpoints otherwise you'll get a similar 'forbidden' message returned.
What are Trustpilot Modules and how do they relate to integrations?
We offer a freemium model. Paid plans begin with Standard, with optional modules to amplify a plan for stronger results in key areas. Learn more about those plans and modules here. All integrations from tech partners are available on the Standard plan.
Glossary of partner terms
Term |
Meaning |
Sources |
Partner_ID |
This is your unique identifier when building your partner integration; it's a static ID you will use when making calls to our endpoints so the activity can be tracked against your integration. |
|
OAuth 2.0 |
OAuth is the way you authenticate your users to use the integration. Authenticating via OAuth will allow you to gain an access token to make calls to private endpoints on behalf of a customer. |
|
Grant Type |
A grant type determines the exact sequence of steps that are involved in the OAuth process. The grant type also affects how the client application communicates with the OAuth service at each stage, including how the access token itself is sent. |