Daiichi Sankyo · Event Cadence Whitelabel
Technical & Dataflow
Integration Documentation
A comprehensive reference for all integrations between DS360 and its connected systems — for architects, integrators, and operations teams.
Section 03
Single Sign-On
SAML 2.0 identity federation with the DS corporate IdP
Section 04
Exchange Free/Busy
Calendar availability from Microsoft 365 for scheduling
Section 05
Cvent Attendees
Attendee registration sync from Cvent into DS360
Section 06
Cvent Travel
Flight and hotel itinerary sync from Cvent into DS360
Section 07
HCP OneLink / Ad-Board
Consolidated advisory board view from Cvent + HCP OneLink
Section 08
SteepRock SFTP
Post-event HCP engagement export from DS360 to SteepRock
Section 01
Introduction
Purpose and scope of this integration reference document.
This document provides a comprehensive technical and dataflow reference for all integrations between DS360 — the Daiichi Sankyo whitelabel deployment of the Event Cadence platform — and its connected external systems. It is intended for IT architects, systems integrators, and operations personnel responsible for configuring, maintaining, and troubleshooting these integrations.
Platform Overview
DS360 is Daiichi Sankyo's branded deployment of the Event Cadence platform, used to manage congress and advisory board events for the medical affairs team. Event Cadence operates as a multi-tenant SaaS application. DS360 is accessible via web browser and native mobile applications (iOS and Android).
Integrations in Scope
- Single Sign-On (SSO) via SAML 2.0 — identity federation with the DS corporate IdP
- Microsoft Exchange Free/Busy — calendar availability for appointment scheduling
- Cvent Attendees Feed — attendee registration synchronization from Cvent into DS360
- Cvent Travel Feed — flight and hotel itinerary synchronization from Cvent into DS360
- HCP OneLink / Cvent Advisory Board — consolidated ad-board view combining Cvent and HCP OneLink data
- SteepRock SFTP Feed — post-event HCP engagement export from DS360 to SteepRock
Section 02
Integration Overview
High-level summary of all integrations, directions, and protocols.
| Integration | Source System | Target | Direction | Trigger | Protocol |
|---|---|---|---|---|---|
| SSO (SAML 2.0) | DS IdP (Okta / Azure AD) | DS360 | Inbound | User login | SAML 2.0 / HTTPS |
| Exchange Free/Busy | Microsoft 365 / Exchange Online | DS360 | Inbound | Scheduling event | MS Graph API / OAuth 2.0 |
| Cvent Attendees | Cvent | DS360 | Inbound | Scheduled poll | Cvent REST API |
| Cvent Travel | Cvent | DS360 | Inbound | Scheduled poll | Cvent REST API |
| HCP OneLink / Cvent | Cvent + HCP OneLink | DS360 | Inbound | Daily + Webhook | REST APIs |
| SteepRock SFTP | DS360 | SteepRock | Outbound | Daily delta + weekly full | SFTP / CSV |
Section 03
Single Sign-On — SAML 2.0
Identity federation enabling DS employees to authenticate using their corporate credentials.
The SSO integration enables Daiichi Sankyo employees to authenticate to DS360 using their existing corporate credentials managed through the DS identity provider. Users are redirected to the DS authentication portal at login and returned to DS360 with an authenticated session — eliminating separate platform passwords. Access control operates at two levels: the IdP determines who can authenticate, while DS360 controls who has an active account.
Technical Configuration
Key Parameters
| Parameter | Value |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Azure AD, Google Workspace, OneLogin, any SAML 2.0-compliant IdP |
| ACS URL | https://account.eventcadence.com/authsaml/signonendpoint |
| Logout URL | https://account.eventcadence.com/authsaml/logoutendpoint |
| Metadata URL | https://account.eventcadence.com/authsaml/info/[org-id] |
| Name ID Format | EmailAddress |
| Name ID Attribute | Primary user email address |
| Responses Signed | Yes |
| Assertions Signed | Yes |
| Auth Context | PasswordProtectedTransport (default) |
| Mobile (Android) | Chrome Custom Tabs |
| Mobile (iOS) | Native web views |
Authentication Flow
End-to-End SAML Sequence
DS Employee
DS360 / Event Cadence
DS Identity Provider
User Browser
DS Employee
ds360.eventcadence.com
HTTPSds360.eventcadence.com
① Login
POST email
Content-Type: application/x-www-form-urlencoded
body: email=user@daiichisankyo.com
body: email=user@daiichisankyo.com
saml
DS360 Login
SAML Service Provider
SP Entity② AuthnRequest
HTTP Redirect → IdP
SAMLRequest=<base64 AuthnRequest>
Issuer: account.eventcadence.com
ACS URL: /authsaml/signonendpoint
NameIDPolicy: EmailAddress
Issuer: account.eventcadence.com
ACS URL: /authsaml/signonendpoint
NameIDPolicy: EmailAddress
saml
DS IdP
Okta / Azure AD
MFA Supported③ SAML Response
POST to ACS URL
POST /authsaml/signonendpoint
SAMLResponse: <signed XML>
Assertions: email, nameID
Signature: RSA-SHA256
SAMLResponse: <signed XML>
Assertions: email, nameID
Signature: RSA-SHA256
saml
Auth Service
Validates assertion
Matches email → account
SessionMatches email → account
ACS URL: https://account.eventcadence.com/authsaml/signonendpointLogout URL: https://account.eventcadence.com/authsaml/logoutendpointMetadata URL: https://account.eventcadence.com/authsaml/info/[org-id]NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressSignature: RSA-SHA256 on both Response and AssertionMobile: Chrome Custom Tabs (Android) · Native webview (iOS)
Data Objects
What Flows Between Systems
| Object | Description | Direction |
|---|---|---|
| SAML AuthnRequest | XML request generated by Event Cadence initiating authentication | EC → IdP |
| SAML Response | Signed XML assertion from IdP containing email and auth status | IdP → EC ACS |
| User Email | Primary identifier used to match IdP identity to EC account | IdP → EC |
| Session Token | Authenticated session returned to user on successful login | EC → User |
| IdP Metadata XML | Contains IdP SSO URL, Issuer, and signing certificates | DS IT → EC |
| EC Metadata URL | Org-specific URL with EC SAML entity ID, ACS URL, and certificate | EC → DS IT |
Setup & Constraints
Provisioning Steps
- Event Cadence supplies a unique metadata URL for the DS organization
- DS IT applies EC metadata values to the DS IdP (Okta / Azure AD)
- DS IT provides their IdP metadata XML or metadata URL to Event Cadence
- Event Cadence completes configuration — typically within 1 business day
Login Mode Options
- Email Magic Link or Email with Password (default)
- Email with Password only
- SSO only — email login fully disabled
Maintenance note: Certificate rotation in the DS IdP requires updated metadata to be provided to Event Cadence to maintain the trust relationship. Document the certificate expiry date at setup.
Section 04
Microsoft Exchange Free/Busy
Read-only calendar availability from Microsoft 365 to support appointment scheduling.
The Exchange Free/Busy integration gives DS360 appointment schedulers real-time visibility into attendee calendar conflicts sourced from Microsoft 365. The "Ask Customer" feature surfaces only available time slots to HCPs. This integration is strictly read-only — only free/busy status is retrieved. No event titles, descriptions, attendees, or locations are ever visible.
Technical Configuration
| Parameter | Value |
|---|---|
| API | Microsoft Graph API |
| Source System | Microsoft 365 / Exchange Online |
| Auth Protocol | OAuth 2.0 (Microsoft Identity Platform) |
| Auth Modes | Delegated Administrator or Service Account |
| Permissions Required | Calendars.Read (or Calendars.Read.Shared), offline_access, openid, profile |
| Data Retrieved | Free/Busy status: Free, Busy, Tentative, Out of Office |
| Token Storage | AES-encrypted; stored in Exchange Integration Service token store |
| Integration Service | https://exchangeintegration.eventcadence.com |
| Security Standard | ISO 27001 / Microsoft 365 data protection compliant |
Setup Flow — One-Time
DS360 / Event Cadence
DS M365 Admin
Microsoft Identity Platform
Event Cadence
Exchange Integration Service
exchangeintegration
.eventcadence.com
OAuth Clientexchangeintegration
.eventcadence.com
① Consent URL
Send org-specific URL
GET /oauth2/v2.0/authorize
client_id=<ec-client-id>
scope=Calendars.Read offline_access
redirect_uri=exchangeintegration.../callback
response_type=code
client_id=<ec-client-id>
scope=Calendars.Read offline_access
redirect_uri=exchangeintegration.../callback
response_type=code
oauth
DS M365 Admin
Browser consent flow
One-time setup② Admin Approves
Grant permissions
Clicks "Accept" on Microsoft
consent screen for Calendars.Read,
offline_access, openid, profile
consent screen for Calendars.Read,
offline_access, openid, profile
Microsoft OAuth
login.microsoftonline.com
/[tenant-id]/oauth2/v2.0
Azure AD/[tenant-id]/oauth2/v2.0
③ Auth Code
Redirect with code
GET /callback?code=<auth_code>
&state=<csrf_token>
&state=<csrf_token>
oauth
Token Store
Exchanges code for tokens
Stores AES-256 encrypted
access_token + refresh_token
EncryptedStores AES-256 encrypted
access_token + refresh_token
Token endpoint: POST https://login.microsoftonline.com/[tenant]/oauth2/v2.0/tokenScopes: Calendars.Read, offline_access, openid, profileToken storage: AES-256 encrypted at rest in Exchange Integration ServiceRefresh: Automatic via refresh_token — no re-consent required
Scheduling-Time Flow — Per Use
DS Scheduler
DS360 / Event Cadence
Microsoft Graph API
DS Scheduler
Creates appointment
Adds HCP attendees
TriggerAdds HCP attendees
① Schedule
Add attendees
Event: congressId, attendee emails
Requests free/busy check
Requests free/busy check
DS360 Backend
Retrieves access_token
from encrypted token store
Token retrievalfrom encrypted token store
② Graph Query
POST getSchedule
POST /v1.0/users/{userId}/calendar/getSchedule
Authorization: Bearer <access_token>
Body: { schedules:[emails], startTime, endTime,
availabilityViewInterval: 30 }
Authorization: Bearer <access_token>
Body: { schedules:[emails], startTime, endTime,
availabilityViewInterval: 30 }
oauth
MS Graph API
graph.microsoft.com
Exchange Online calendars
Read-onlyExchange Online calendars
③ Availability
Return free/busy
200 OK
{ availabilityView: "0020002...",
scheduleItems: [{status:"Busy",
subject:null, start, end}] }
No event titles/attendees returned
{ availabilityView: "0020002...",
scheduleItems: [{status:"Busy",
subject:null, start, end}] }
No event titles/attendees returned
oauth
DS360 Appt UI
Renders "Outlook Event" blocks
"Ask Customer" shows only
fully-free slots to HCP
Display"Ask Customer" shows only
fully-free slots to HCP
Graph endpoint: POST https://graph.microsoft.com/v1.0/users/{id}/calendar/getScheduleAuth: Bearer token (OAuth 2.0 delegated or service account)Privacy: Only Free/Busy/Tentative/OOO returned — no event contentIgnored: All-day events · Meetings ≥6h · Tentative eventsInterval: 30-minute availability slots
Conflict Detection Rules
- All-day Outlook events are ignored (common for travel days)
- Outlook meetings 6+ hours in duration are ignored
- Tentative Outlook events do not display as conflicts
- When an attendee is marked Required, only slots where all required attendees are free are presented
Maintenance: No recurring maintenance required. The integration operates continuously via refresh tokens managed automatically by the Exchange Integration Service.
Section 05
Cvent Attendees Feed
Automatic synchronization of event registrations from Cvent into DS360.
This integration allows Daiichi Sankyo to continue using Cvent as its primary registration system while giving attendees the full DS360 event experience — agenda, mobile app, communications, and appointment scheduling. Once an attendee registers in Cvent, their record automatically syncs to DS360, eliminating manual dual-entry.
Technical Summary
| Parameter | Value |
|---|---|
| API | Cvent REST API |
| Source | Cvent (DS event registration environment) |
| Target | DS360 / Event Cadence |
| Trigger | Scheduled periodic polling by Event Cadence |
| Match Key | Attendee email address |
| New User Action | Creates new DS360 user account + links to event |
| Existing User Action | Links existing DS360 user to event as attendee |
Dataflow
Cvent
DS360 / Event Cadence
Cvent
Event registration platform
DS congress events
SourceDS congress events
① Poll
GET attendees
GET /v1/events/{eventId}/attendees?
status=Accepted&modifiedAfter={lastSync}
Authorization: Bearer <cvent_token>
Content-Type: application/json
Trigger: Scheduled poll (configurable
frequency per event timeline)
status=Accepted&modifiedAfter={lastSync}
Authorization: Bearer <cvent_token>
Content-Type: application/json
Trigger: Scheduled poll (configurable
frequency per event timeline)
rest
DS360 Scheduler
Periodic poll engine
Cvent API client credentials
stored in integration config
SchedulerCvent API client credentials
stored in integration config
② Map + Dedup
Field mapping
Match key: attendee email
email → User.email (dedup key)
firstName → User.firstName
lastName → User.lastName
registrationType → AttendeeRole
registrationStatus → AttendeeStatus
email → User.email (dedup key)
firstName → User.firstName
lastName → User.lastName
registrationType → AttendeeRole
registrationStatus → AttendeeStatus
New User
Email not in DS360
→ CREATE User account
→ LINK to event as attendee
Created→ CREATE User account
→ LINK to event as attendee
Existing User
Email matches DS360 account
→ LINK to event as attendee
(no duplicate creation)
Linked→ LINK to event as attendee
(no duplicate creation)
API base: https://api.cvent.com/v1/Auth: OAuth 2.0 client_credentials grant → Bearer tokenMatch key: attendee.email (case-insensitive)Poll fields: email, firstName, lastName, registrationType, registrationStatus, eventIdSync mode: Delta — modifiedAfter param limits to changed records
Field Mapping
| Cvent Field | DS360 Field | Notes |
|---|---|---|
| Email Address | User Email | Primary deduplication / match key |
| First Name | First Name | |
| Last Name | Last Name | |
| Registration Type | Attendee Role / Type | Mapped per event configuration |
| Event ID | Event (linked) | Configured per integration setup |
| Registration Status | Attendee Status | Active registrations only |
Section 06
Cvent Travel Feed
Flight and hotel itinerary data from Cvent surfaced directly inside the DS360 attendee experience.
The Cvent Travel Feed surfaces flight itinerary and hotel accommodation data — originally managed in Cvent — inside DS360 so attendees can see all travel logistics alongside the event agenda and appointments in a single interface. Especially valuable at large multi-day congresses where arrangements may change close to the event date.
Technical Summary
| Parameter | Value |
|---|---|
| API | Cvent REST API |
| Trigger | Scheduled timer-based polling; frequency increases near event date |
| Match Key | Attendee email address |
| Sync Mode | Delta-based — only records created/updated since last sync |
Dataflow
Cvent
DS360 / Event Cadence
Cvent
Travel itinerary platform
Flight + hotel data
per attendee per event
SourceFlight + hotel data
per attendee per event
① Poll Travel
GET travel itineraries
GET /v1/events/{eventId}/travel
Authorization: Bearer <cvent_token>
Content-Type: application/json
?modifiedAfter={lastSync}&status=Accepted
→ Returns: attendeeEmail, flightNumber,
departureDateTime, arrivalDateTime,
hotelName, checkInDate, checkOutDate
Trigger: Scheduled timer-based poll
(frequency increases near event date)
Authorization: Bearer <cvent_token>
Content-Type: application/json
?modifiedAfter={lastSync}&status=Accepted
→ Returns: attendeeEmail, flightNumber,
departureDateTime, arrivalDateTime,
hotelName, checkInDate, checkOutDate
Trigger: Scheduled timer-based poll
(frequency increases near event date)
rest
DS360 Scheduler
Delta polling engine
Uses modifiedAfter to
fetch only changed records
SchedulerUses modifiedAfter to
fetch only changed records
② Match & Upsert
Update travel record
Match key: attendeeEmail (case-insensitive)
Map fields:
flightNumber → Flight Itinerary
departureDateTime → Departure Date/Time
arrivalDateTime → Arrival Date/Time
hotelName → Hotel Accommodation
checkInDate → Check-in Date
checkOutDate → Check-out Date
Sync mode: Delta — modifiedAfter param
Map fields:
flightNumber → Flight Itinerary
departureDateTime → Departure Date/Time
arrivalDateTime → Arrival Date/Time
hotelName → Hotel Accommodation
checkInDate → Check-in Date
checkOutDate → Check-out Date
Sync mode: Delta — modifiedAfter param
DS360 Attendee
Attendee profile enriched
with flight + hotel data
visible in DS360 UI
Updatedwith flight + hotel data
visible in DS360 UI
API base: https://api.cvent.com/v1/Auth: OAuth 2.0 client_credentials grant → Bearer tokenMatch key: attendeeEmail (case-insensitive)Delta param: modifiedAfter={lastSync ISO timestamp}Sync mode: Delta — only records created/updated since last pollFrequency: Configurable; scales up in days preceding event
Field Mapping
| Cvent Field | DS360 Field |
|---|---|
| Attendee Email | User Email (match key) |
| Flight Number | Flight Itinerary |
| Flight Departure Date/Time | Departure Date/Time |
| Flight Arrival Date/Time | Arrival Date/Time |
| Hotel Name | Hotel Accommodation |
| Hotel Check-in Date | Check-in Date |
| Hotel Check-out Date | Check-out Date |
Sync frequency: Polling frequency is configurable and scales up in the days preceding the event to ensure the latest travel information is always available.
Section 07
HCP OneLink / Cvent Advisory Board
Consolidated advisory board engagement view combining event data from Cvent and legal status from HCP OneLink.
This integration consolidates advisory board (ad-board) data from two upstream systems into a unified DS360 view. Cvent provides event and attendee information; HCP OneLink provides legal and contractual status. Medical affairs and compliance teams can review ad-board engagements, HCP attendance, and compliance status — all in DS360 reporting and analytics.
Technical Summary
| Parameter | Value |
|---|---|
| Source Systems | Cvent (event + attendee data) + HCP OneLink (legal/contractual status) |
| Primary Trigger | Daily scheduled synchronization |
| Secondary Trigger | HCP OneLink webhook (push on data change) |
| HCP Match Keys | Name and email address |
| Output | Unified HCP ad-board engagement record in DS360 |
Daily Scheduled Sync
Cvent
HCP OneLink
DS360 / Event Cadence
Cvent
Advisory board events
+ HCP attendee lists
Events Source+ HCP attendee lists
HCP OneLink
HCP legal & contractual
status per engagement
Legal Sourcestatus per engagement
① Poll Cvent
GET ad-board events
GET /v1/events?type=AdvisoryBoard
Authorization: Bearer <cvent_token>
→ Returns: eventId, name, date,
location, attendee[]
Trigger: Daily scheduled job
Authorization: Bearer <cvent_token>
→ Returns: eventId, name, date,
location, attendee[]
Trigger: Daily scheduled job
rest
DS360 Scheduler
Daily trigger
Iterates HCP attendees
per ad-board event
Daily JobIterates HCP attendees
per ad-board event
② Query OneLink
GET legal status
GET /api/hcps?email={hcp_email}&name={name}
Authorization: Bearer <onelink_token>
→ Returns: legalStatus, contractStatus,
hcpId, complianceFlags
Authorization: Bearer <onelink_token>
→ Returns: legalStatus, contractStatus,
hcpId, complianceFlags
rest
Integration Layer
Merges Cvent event data
+ OneLink legal status
into unified HCP record
Merge+ OneLink legal status
into unified HCP record
③ Store
Write unified record
Consolidated fields:
adBoardTitle, meetingDate, location
hcpEmail, legalStatus, contractStatus
hcpId (cross-system key)
adBoardTitle, meetingDate, location
hcpEmail, legalStatus, contractStatus
hcpId (cross-system key)
DS360 Analytics
HCP ad-board engagement
view — reporting, charts,
compliance dashboard
Outputview — reporting, charts,
compliance dashboard
Cvent API: https://api.cvent.com/v1/ — Bearer token (client_credentials)HCP OneLink API: REST — Bearer tokenMatch keys: HCP email + full name (both systems)Schedule: Daily scheduled job — full sync of all advisory board eventsOutput: Unified HCP engagement record available in DS360 reporting
Webhook-Triggered Update
HCP OneLink
DS360 / Event Cadence
Cvent
HCP OneLink
Status change event
(contract executed,
compliance flag updated)
Trigger(contract executed,
compliance flag updated)
① Webhook
POST to DS360 endpoint
POST /integrations/hcponelink/webhook
Content-Type: application/json
X-OneLink-Signature: <hmac>
Body: { hcpId, email, changeType,
legalStatus, contractStatus,
timestamp }
Content-Type: application/json
X-OneLink-Signature: <hmac>
Body: { hcpId, email, changeType,
legalStatus, contractStatus,
timestamp }
webhook
DS360 Webhook Handler
Validates HMAC signature
Identifies affected HCP
+ linked ad-board events
HandlerIdentifies affected HCP
+ linked ad-board events
② Re-fetch Cvent
GET attendee events
GET /v1/events?attendeeEmail={email}
&type=AdvisoryBoard
Authorization: Bearer <cvent_token>
&type=AdvisoryBoard
Authorization: Bearer <cvent_token>
rest
Cvent
Returns current event
+ attendee data for
affected HCP
Re-fetch+ attendee data for
affected HCP
③ Merge + Update
Refresh record
Combines fresh Cvent data
+ new OneLink status
→ Overwrites DS360 record
→ Updates analytics view
+ new OneLink status
→ Overwrites DS360 record
→ Updates analytics view
DS360 Record
Updated HCP ad-board
record — near real-time
on compliance changes
Updatedrecord — near real-time
on compliance changes
Webhook endpoint: POST https://[ds360-host]/integrations/hcponelink/webhookSignature: HMAC-SHA256 — validate X-OneLink-Signature header before processingTrigger: Any status change in HCP OneLink (contract, compliance, legal)Re-fetch: Both Cvent and OneLink queried fresh on each webhook event
Field Mapping
| Source | Field | DS360 Field | Notes |
|---|---|---|---|
| Cvent | Event Name / Subject | Ad-Board Title | |
| Cvent | Event Date | Meeting Date | |
| Cvent | Event Location | Meeting Location | |
| Cvent | Attendee Email | HCP Email (match key) | |
| HCP OneLink | Legal Status | Legal Status | Contract stage, compliance status |
| HCP OneLink | Contractual Status | Contractual Status | Agreement execution state |
| HCP OneLink | HCP Identifier | HCP ID | Cross-system matching key |
Section 08
SteepRock SFTP Export
Post-event HCP engagement data exported from DS360 to SteepRock for relationship intelligence.
After each congress, DS360 exports post-event engagement data to SteepRock via SFTP — including the congress schedule, HCP profiles, and all appointments with HCPs during the event. This enriches SteepRock's relationship intelligence, giving the DS medical affairs team a longitudinal view of HCP interactions across all congresses.
Technical Summary
| Parameter | Value |
|---|---|
| Transport | SFTP (Secure File Transfer Protocol) |
| Direction | Outbound from DS360 |
| File Format | Structured CSV files |
| SFTP Server | Provisioned and managed by SteepRock |
| Daily Export | Delta file — new/updated records since previous upload |
| Weekly Export | Full export — complete dataset of HCPs, congresses, and attendees |
| Data Type | Historical post-event activity (not real-time) |
Dataflow
DS360 / Event Cadence
SFTP Server (SteepRock-managed)
SteepRock
DS360 Export Engine
Post-event HCP engagement data
Congresses, HCP profiles,
Appointments
Data SourceCongresses, HCP profiles,
Appointments
Daily Delta CSV
congress_schedule.csv
hcp_profiles.csv
appointments.csv
New/updated since last export
Dailyhcp_profiles.csv
appointments.csv
New/updated since last export
Weekly Full CSV
Same 3 files
Complete dataset — all records
Used for full reconciliation
WeeklyComplete dataset — all records
Used for full reconciliation
① SFTP PUT
Upload via SFTP/SSH
SFTP PUT /inbound/{filename}
Auth: SSH key pair or
username/password (SFTP creds)
Transport: SSH (port 22)
Encryption: in-transit via SSH
Daily: 03:00 UTC (delta)
Weekly: Sunday 03:00 UTC (full)
Auth: SSH key pair or
username/password (SFTP creds)
Transport: SSH (port 22)
Encryption: in-transit via SSH
Daily: 03:00 UTC (delta)
Weekly: Sunday 03:00 UTC (full)
sftp
SFTP Server
Managed by SteepRock
Host: [provided by SteepRock]
Port: 22 (SSH)
Dir: /inbound/
Drop ZoneHost: [provided by SteepRock]
Port: 22 (SSH)
Dir: /inbound/
② Ingest
SteepRock picks up files
SteepRock polls or watches
/inbound/ directory
Validates CSV schema
Processes into data warehouse
/inbound/ directory
Validates CSV schema
Processes into data warehouse
sftp
SteepRock
Relationship intelligence
platform
Longitudinal HCP view
across all congresses
Consumerplatform
Longitudinal HCP view
across all congresses
Files: congress_schedule.csv · hcp_profiles.csv · appointments.csvDaily (delta): Records created/updated since previous upload — ~03:00 UTCWeekly (full): Complete dataset, all records — Sundays ~03:00 UTCAuth: SSH key pair (preferred) or SFTP username/password — provided by SteepRockcongress_schedule fields: congressId, congressName, startDate, endDate, locationhcp_profiles fields: hcpId, firstName, lastName, email, specialty, institutionappointments fields: appointmentId, congressId, hcpId, dateTime, location, internalParticipants, objective
CSV File Specifications
Congress Schedule File
| Field | Description |
|---|---|
| Congress ID | Unique identifier for the congress in DS360 |
| Congress Name | Full name of the congress / event |
| Start Date | Congress start date |
| End Date | Congress end date |
| Location | City and venue of the congress |
HCP Profiles File
| Field | Description |
|---|---|
| HCP ID | DS360 internal HCP identifier |
| First Name | HCP first name |
| Last Name | HCP last name |
| Email Address | HCP email address |
| Specialty | HCP medical specialty (if available) |
| Institution | HCP affiliated institution / hospital (if available) |
Appointments File
| Field | Description |
|---|---|
| Appointment ID | DS360 internal appointment identifier |
| Congress ID | Linked congress identifier |
| HCP ID | HCP attendee identifier |
| Date / Time | Appointment date and start time |
| Location | Meeting room or location within congress venue |
| Internal Participants | DS360 user IDs of DS colleagues in the appointment |
| Objective | Stated purpose or objective of the appointment |
Sync Schedule
| Frequency | File Type | Contents | Purpose |
|---|---|---|---|
| Daily | Delta CSV | New/updated congresses, HCPs, appointments since last run | Near-real-time incremental sync |
| Weekly | Full CSV | Complete dataset — all HCPs, all congresses, all appointments | Full refresh and data reconciliation |
Section 09
Security & Compliance
Transport security, authentication mechanisms, and data sensitivity per integration.
| Integration | Transport | Auth | Data Sensitivity | Privacy Notes |
|---|---|---|---|---|
| SSO (SAML 2.0) | HTTPS / TLS | SAML 2.0 signed assertions | Auth tokens only | No PII beyond email |
| Exchange Free/Busy | HTTPS / TLS | OAuth 2.0, AES-encrypted tokens | Calendar metadata only | No event details or content |
| Cvent Attendees | HTTPS / TLS | Cvent API client credentials | PII: name, email, registration | DS data governance applies |
| Cvent Travel | HTTPS / TLS | Cvent API client credentials | PII + itinerary data | DS data governance applies |
| HCP OneLink / Cvent | HTTPS / TLS | REST API credentials (both systems) | HCP PII + legal/contractual status | Compliance-sensitive |
| SteepRock SFTP | SFTP / SSH | SFTP credentials | HCP PII + appointment history | DS governance applies |
- Event Cadence is ISO 27001 certified
- All API credentials and OAuth tokens are stored encrypted at rest
- Integrations use least-privilege access — only minimum required permissions are requested
- HCP-related data is subject to Daiichi Sankyo data governance, GDPR, and applicable HCP engagement regulations
Section 10
Configuration Checklist
Use when provisioning or verifying integrations for a new deployment or event season. Click items to check them off.
SSO (SAML 2.0)
Exchange Free/Busy
Cvent Attendees & Travel Feeds
HCP OneLink / Cvent Advisory Board
SteepRock SFTP Export
Section 11
Support & References
Knowledge base links and contact information.
Event Cadence Knowledge Base
Primary Contact
For integration setup, technical issues, or configuration changes related to DS360, contact Event Cadence support or raise a request via the Event Cadence support portal.
Section 12
Data Flow Diagrams
All six integration dataflows at a glance — systems, directions, and protocols.
Integration 1
Single Sign-On — SAML 2.0
DS Employee
DS360 / Event Cadence
DS Identity Provider
User Browser
DS Employee
ds360.eventcadence.com
HTTPSds360.eventcadence.com
① Login
POST email
Content-Type: application/x-www-form-urlencoded
body: email=user@daiichisankyo.com
body: email=user@daiichisankyo.com
saml
DS360 Login
SAML Service Provider
SP Entity② AuthnRequest
HTTP Redirect → IdP
SAMLRequest=<base64 AuthnRequest>
Issuer: account.eventcadence.com
ACS URL: /authsaml/signonendpoint
NameIDPolicy: EmailAddress
Issuer: account.eventcadence.com
ACS URL: /authsaml/signonendpoint
NameIDPolicy: EmailAddress
saml
DS IdP
Okta / Azure AD
MFA Supported③ SAML Response
POST to ACS URL
POST /authsaml/signonendpoint
SAMLResponse: <signed XML>
Assertions: email, nameID
Signature: RSA-SHA256
SAMLResponse: <signed XML>
Assertions: email, nameID
Signature: RSA-SHA256
saml
Auth Service
Validates assertion
Matches email → account
SessionMatches email → account
ACS URL: https://account.eventcadence.com/authsaml/signonendpointLogout URL: https://account.eventcadence.com/authsaml/logoutendpointMetadata URL: https://account.eventcadence.com/authsaml/info/[org-id]NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressSignature: RSA-SHA256 on both Response and AssertionMobile: Chrome Custom Tabs (Android) · Native webview (iOS)
Integration 2
Microsoft Exchange Free/Busy
DS Scheduler
DS360 / Event Cadence
Microsoft Graph API
DS Scheduler
Creates appointment
Adds HCP attendees
TriggerAdds HCP attendees
① Schedule
Add attendees
Event: congressId, attendee emails
Requests free/busy check
Requests free/busy check
DS360 Backend
Retrieves access_token
from encrypted token store
Token retrievalfrom encrypted token store
② Graph Query
POST getSchedule
POST /v1.0/users/{userId}/calendar/getSchedule
Authorization: Bearer <access_token>
Body: { schedules:[emails], startTime, endTime,
availabilityViewInterval: 30 }
Authorization: Bearer <access_token>
Body: { schedules:[emails], startTime, endTime,
availabilityViewInterval: 30 }
oauth
MS Graph API
graph.microsoft.com
Exchange Online calendars
Read-onlyExchange Online calendars
③ Availability
Return free/busy
200 OK
{ availabilityView: "0020002...",
scheduleItems: [{status:"Busy",
subject:null, start, end}] }
No event titles/attendees returned
{ availabilityView: "0020002...",
scheduleItems: [{status:"Busy",
subject:null, start, end}] }
No event titles/attendees returned
oauth
DS360 Appt UI
Renders "Outlook Event" blocks
"Ask Customer" shows only
fully-free slots to HCP
Display"Ask Customer" shows only
fully-free slots to HCP
Graph endpoint: POST https://graph.microsoft.com/v1.0/users/{id}/calendar/getScheduleAuth: Bearer token (OAuth 2.0 delegated or service account)Privacy: Only Free/Busy/Tentative/OOO returned — no event contentIgnored: All-day events · Meetings ≥6h · Tentative eventsInterval: 30-minute availability slots
Integration 3
Cvent Attendees Feed
Cvent
DS360 / Event Cadence
Cvent
Event registration platform
DS congress events
SourceDS congress events
① Poll
GET attendees
GET /v1/events/{eventId}/attendees?
status=Accepted&modifiedAfter={lastSync}
Authorization: Bearer <cvent_token>
Content-Type: application/json
Trigger: Scheduled poll (configurable
frequency per event timeline)
status=Accepted&modifiedAfter={lastSync}
Authorization: Bearer <cvent_token>
Content-Type: application/json
Trigger: Scheduled poll (configurable
frequency per event timeline)
rest
DS360 Scheduler
Periodic poll engine
Cvent API client credentials
stored in integration config
SchedulerCvent API client credentials
stored in integration config
② Map + Dedup
Field mapping
Match key: attendee email
email → User.email (dedup key)
firstName → User.firstName
lastName → User.lastName
registrationType → AttendeeRole
registrationStatus → AttendeeStatus
email → User.email (dedup key)
firstName → User.firstName
lastName → User.lastName
registrationType → AttendeeRole
registrationStatus → AttendeeStatus
New User
Email not in DS360
→ CREATE User account
→ LINK to event as attendee
Created→ CREATE User account
→ LINK to event as attendee
Existing User
Email matches DS360 account
→ LINK to event as attendee
(no duplicate creation)
Linked→ LINK to event as attendee
(no duplicate creation)
API base: https://api.cvent.com/v1/Auth: OAuth 2.0 client_credentials grant → Bearer tokenMatch key: attendee.email (case-insensitive)Poll fields: email, firstName, lastName, registrationType, registrationStatus, eventIdSync mode: Delta — modifiedAfter param limits to changed records
Integration 4
Cvent Travel Feed
Cvent
DS360 / Event Cadence
Cvent
Flight + hotel itinerary
data per attendee
Travel Sourcedata per attendee
① Delta Poll
GET travel records
GET /v1/events/{eventId}/travel?
modifiedAfter={lastSync}
Authorization: Bearer <cvent_token>
Trigger: Scheduled timer
Frequency ↑ as event date approaches
modifiedAfter={lastSync}
Authorization: Bearer <cvent_token>
Trigger: Scheduled timer
Frequency ↑ as event date approaches
rest
DS360 Scheduler
Delta-based polling
Only new/updated records
Match key: attendee email
SchedulerOnly new/updated records
Match key: attendee email
② Map
Field mapping
flightNumber → FlightItinerary
departureDateTime → DepartureTime
arrivalDateTime → ArrivalTime
hotelName → HotelAccommodation
checkInDate → CheckIn
checkOutDate → CheckOut
attendeeEmail → User (match key)
departureDateTime → DepartureTime
arrivalDateTime → ArrivalTime
hotelName → HotelAccommodation
checkInDate → CheckIn
checkOutDate → CheckOut
attendeeEmail → User (match key)
DS360 Attendee Profile
Travel itinerary visible
alongside agenda in
attendee mobile app
Storedalongside agenda in
attendee mobile app
API base: https://api.cvent.com/v1/Auth: OAuth 2.0 client_credentials → Bearer token (shared with Attendees feed)Match key: attendeeEmail (joins to User.email)Delta param: modifiedAfter=ISO8601 timestamp of last successful syncFrequency: Configurable; increases to near-real-time in days before event
Integration 5
HCP OneLink / Cvent Advisory Board
Cvent
HCP OneLink
DS360 / Event Cadence
Cvent
Advisory board events
+ HCP attendee lists
Events Source+ HCP attendee lists
HCP OneLink
HCP legal & contractual
status per engagement
Legal Sourcestatus per engagement
① Poll Cvent
GET ad-board events
GET /v1/events?type=AdvisoryBoard
Authorization: Bearer <cvent_token>
→ Returns: eventId, name, date,
location, attendee[]
Trigger: Daily scheduled job
Authorization: Bearer <cvent_token>
→ Returns: eventId, name, date,
location, attendee[]
Trigger: Daily scheduled job
rest
DS360 Scheduler
Daily trigger
Iterates HCP attendees
per ad-board event
Daily JobIterates HCP attendees
per ad-board event
② Query OneLink
GET legal status
GET /api/hcps?email={hcp_email}&name={name}
Authorization: Bearer <onelink_token>
→ Returns: legalStatus, contractStatus,
hcpId, complianceFlags
Authorization: Bearer <onelink_token>
→ Returns: legalStatus, contractStatus,
hcpId, complianceFlags
rest
Integration Layer
Merges Cvent event data
+ OneLink legal status
into unified HCP record
Merge+ OneLink legal status
into unified HCP record
③ Store
Write unified record
Consolidated fields:
adBoardTitle, meetingDate, location
hcpEmail, legalStatus, contractStatus
hcpId (cross-system key)
adBoardTitle, meetingDate, location
hcpEmail, legalStatus, contractStatus
hcpId (cross-system key)
DS360 Analytics
HCP ad-board engagement
view — reporting, charts,
compliance dashboard
Outputview — reporting, charts,
compliance dashboard
Cvent API: https://api.cvent.com/v1/ — Bearer token (client_credentials)HCP OneLink API: REST — Bearer tokenMatch keys: HCP email + full name (both systems)Schedule: Daily scheduled job — full sync of all advisory board eventsOutput: Unified HCP engagement record available in DS360 reporting
Integration 6
SteepRock SFTP Export
DS360 / Event Cadence
SFTP Server (SteepRock-managed)
SteepRock
DS360 Export Engine
Post-event HCP engagement data
Congresses, HCP profiles,
Appointments
Data SourceCongresses, HCP profiles,
Appointments
Daily Delta CSV
congress_schedule.csv
hcp_profiles.csv
appointments.csv
New/updated since last export
Dailyhcp_profiles.csv
appointments.csv
New/updated since last export
Weekly Full CSV
Same 3 files
Complete dataset — all records
Used for full reconciliation
WeeklyComplete dataset — all records
Used for full reconciliation
① SFTP PUT
Upload via SFTP/SSH
SFTP PUT /inbound/{filename}
Auth: SSH key pair or
username/password (SFTP creds)
Transport: SSH (port 22)
Encryption: in-transit via SSH
Daily: 03:00 UTC (delta)
Weekly: Sunday 03:00 UTC (full)
Auth: SSH key pair or
username/password (SFTP creds)
Transport: SSH (port 22)
Encryption: in-transit via SSH
Daily: 03:00 UTC (delta)
Weekly: Sunday 03:00 UTC (full)
sftp
SFTP Server
Managed by SteepRock
Host: [provided by SteepRock]
Port: 22 (SSH)
Dir: /inbound/
Drop ZoneHost: [provided by SteepRock]
Port: 22 (SSH)
Dir: /inbound/
② Ingest
SteepRock picks up files
SteepRock polls or watches
/inbound/ directory
Validates CSV schema
Processes into data warehouse
/inbound/ directory
Validates CSV schema
Processes into data warehouse
sftp
SteepRock
Relationship intelligence
platform
Longitudinal HCP view
across all congresses
Consumerplatform
Longitudinal HCP view
across all congresses
Files: congress_schedule.csv · hcp_profiles.csv · appointments.csvDaily (delta): Records created/updated since previous upload — ~03:00 UTCWeekly (full): Complete dataset, all records — Sundays ~03:00 UTCAuth: SSH key pair (preferred) or SFTP username/password — provided by SteepRockcongress_schedule fields: congressId, congressName, startDate, endDate, locationhcp_profiles fields: hcpId, firstName, lastName, email, specialty, institutionappointments fields: appointmentId, congressId, hcpId, dateTime, location, internalParticipants, objective
Diagram color key:
■ DS360 / Event Cadence
■ Cvent
■ Microsoft 365
■ HCP OneLink
■ SteepRock
■ DS IdP / Users