Xoxoday Plum supports delivery as an embedded mobile web view within your organisation’s existing rewards app, enabling rapid deployment while native integration alternatives via REST APIs or SDK are evaluated to meet your security, performance, and user-experience requirements.
Mobile Integration Made Flexible
Xoxoday Plum offers multiple integration pathways to fit how your organisation has already built its employee or customer-facing apps. The embedded mobile web view approach is the fastest route to production — your existing mobile app hosts a Plum web view, and employees or customers access the full rewards catalogue without any native app store deployment cycle. This approach works effectively for organisations running custom-branded rewards programs inside existing mobile applications. Because the web view loads directly within the host app’s container, users experience a seamless journey without switching between applications, and your IT team retains full control over the app shell and branding.Why Start with a Web View
An embedded mobile web view lets your organisation go live quickly while longer-term architectural decisions are still being scoped. There is no dependency on native app store review cycles, and Xoxoday Plum handles all catalogue updates, redemption flows, and reward fulfilment on the backend — changes reflect immediately without a client-side release. This is a proven pattern for organisations integrating Xoxoday Plum into HR platforms such as Darwinbox or SAP SuccessFactors, where web-rendered modules are already a standard approach for embedding third-party services inside enterprise apps.Evaluating Native Integration Alternatives
As your integration matures, Xoxoday Plum also supports deeper native integration via REST APIs and a mobile SDK. These options give your IT team finer control over rendering, caching, biometric authentication, and offline behaviour — capabilities that matter when user-experience benchmarks or internal security policies require native-grade performance. Xoxoday Plum’s API layer supports token-based authentication and is compatible with enterprise identity providers and SSO systems. For organisations with strict data residency or zero-trust network requirements, the API-first approach allows each request to be routed through your organisation’s own security perimeter.Security and Compliance Alignment
Regardless of which integration approach your organisation chooses, Xoxoday Plum maintains compliance with ISO 27001 and SOC 2 Type II standards. All data exchanged between the host app and Xoxoday Plum — whether through a web view, REST API, or SDK — is encrypted in transit using TLS 1.2 or higher. Your IT and security teams can review Xoxoday Plum’s integration architecture, data flows, and access control model during a technical discovery session. This ensures the selected approach aligns with your organisation’s internal policies and governance requirements before go-live, reducing implementation risk on both sides. Learn more: [Xoxoday Plum Help Centre — General](API & SDK Integration Options
Connect Xoxoday Plum to your existing systems using REST APIs and token-based authentication for deeper native integration.
Security & Compliance Standards
Learn how Xoxoday Plum maintains ISO 27001 and SOC 2 Type II compliance across all integration types and data flows.