Import API Methods

Table of Contents:

(info) Note: Notice that in each API call you must provide the List ID that you are working on, otherwise the default List ID will be used. 

Methods Summary

GET /api/import/<Import ID>


This method returns a single import.

Response Example

GET URL:<list_id>/api/import/1112223334

Error Codes

  • 403 - Permission error
  • 404 - Unauthorized / Import not found

Import Statuses 

"40001": "Queued"
"40010": "Validating"
"40002": "Processing"
"40003": "Completed"
"40004": "Updating list stats"
"90001": "Error"
"90008": "Invalid"
(info)  Any status >= 90000 are final statuses of errors.

GET /api/import


This method returns paginated import results in response.

POST /api/import


This method is used to create an import.



Optional number - The list id to which the import should be saved under. Default - Default list ID


Required string - Full url to the CSV/TXT file, or ZIP that contain only 1 CSV/TXT file


Required string - Comma (,), Pipe (|), Tab (t) or Semi colon separated (;). Default: Comma (,)


Optional string - Default: UTF-8


Optional boolean - Overwrite existing contact. Default: False


Optional boolean - Do not overwrite with null values. Default: False


Optional boolean - Overwrite only null value fields. Default: False


Optional boolean - Send welcome email/SMS to new contacts in this import (Default: False)


Optional json - Default: All fields in current list


Optional string - Import action:

remove – hard delete for all list types

unsubscribe – unsubscribes (only for sending list type)

resubscribe – revives soft delete and unsubscribe (only for sending list type)

add – adds a new contact(default)

bounce - Marks contacts as Hard bounce

complaint - Marks contacts as complaint


Optional string - Indicate the type of list you are importing into. Values can be:

sending (Default)


Request Example - Sending List Import

POST URL:<list_id>/api/import

Request Example - Suppression list import

POST URL:<list_id>/api/import

Response Example

Error Codes

  • 403 - Permission error
  • 500 - Validation error

Password Protect Import File Feature

  • You can password protect the the file you want to import, by zipping it up into a zip file, and setting a password on that zip file.
  • In order for Ongage to then be able to open that file, go to the Account General Settings Page, and enter there the password needed to open the zip file.

Additional Security Measures Beyond Password Protection

The API import call requires indicating a URL to the import file. You can secure that URL in the following manner:

  • Place the file just prior to the import and delete the file right after the import.
  • On the client's web servers (regardless of which web server) there is always an accesslog. If the file is deleted from the server after Ongage downloaded it + if the access log doesn't show any other download other than Ongage, it means the data is safe.
  • Disabling directory indexing.
  • Renaming the import files to a random and long string will also help protecting against people finding the URL as long as directory indexing is disabled.
  • You can make the directory accessible only to your IPs and Ongage's IPs. Ask Ongage support for how to obtain a list of Ongage IPs.
  • Finally, as an additional security measure you can use https instead of http.

How to Import a file from an S3 bucket


  • You have AWS account.
  • You have an S3 bucket (With the name ‘my_company_name_ongage_imports’ for example).


In order to initiate an import via Ongage API, you will need to provide a URL to a file that can be downloaded via the API.

If your requirement is to import a file that resides in an S3 bucket, you will need to generate a Pre-signed URL and include the generated URL in the “file_url” field in the Import API request payload as mentioned above under POST API/Import end point.

(warning) Note: In addition to setting up S3 bucket, the initial one time setup will include whitelisting Ongage Server IPs as and if required. It is preferred to schedule scripts that will update the security policy everyday on the newest IPs set of Ongage servers. To know more about Ongage IPs, you can contact Ongage Support.

(warning) Note: Pre-signed URLs that you generate have already a degree of security as they are temporary and expire after a specific period (e.g. 1 hour). As mentioned additional security measures can be achieved by whitelisting the required IPs of Ongage servers.

Step by Step walk through

  1. Setup IAM user and a S3 Bucket Policy with GetObject permissions.
  2. Whitelist Ongage servers IPs as required.
    1. In case that the security policy requires you to whitelist specific IPs. Please use the “aws:SourceIp”. You can follow this example for more details.
    2. The list of IP CIDR ranges to whitelist can be found using this bash command line “nslookup -type=TXT
  3. The final bucket Policy is expected to look like;

  4. As part of the code that makes the HTTP request to Ongage API, add a code to generate an S3 pre-signed URL via credentials of the IAM user that was granted with the Bucket Policy.

    1. Amazon provides SDK to all common languages, here are sample code for several languages:

      1. Java -

      2. PHP -

      3. Python -

      4. .NET -

  5. Write the code to execute a POST api/import API call.