Authentication

The Remote API supports different authentication methods depending on the use case. Here is a summary of them and how they can be used.

For partners

| Auth | Description |
| --- | --- |
| OAuth 2.0 Client Credentials | Standard OAuth 2.0 client_credentials grant. Partners use it to act on behalf of themselves; it grants access to partner-only endpoints. |
| OAuth 2.0 Code Authorization | Standard OAuth 2.0 code_authorization grant. After obtaining the customer's consent, the partner should store the provided refresh_token, which can be exchanged for a valid access token that performs actions on behalf of the user who gave consent. |
| OAuth 2.0 Assertion | The OAuth 2.0 Assertion Framework is an OAuth extension that enables vetted partners to act on behalf of employees of authorized companies. |
| Basic Auth | Basic partner authentication using the provided CLIENT_ID and CLIENT_SECRET. Mostly used by partners to generate access tokens and perform the OAuth 2.0 flows. |
| Client Token | Bearer authentication that partners can use to access Marketing endpoints. No PII or sensitive information can be accessed. |
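
As an added example (not part of the original page and not Remote's own code), the Python below builds the token requests a partner would send for the client_credentials grant and for exchanging a stored refresh_token, authenticating with Basic Auth from CLIENT_ID and CLIENT_SECRET. The endpoint URL, the form-encoded body and the RFC 6749 credential encoding are assumptions to check against the API Reference; the credentials are constructed sample values.

```python
import base64
from urllib.parse import quote_plus, urlencode
from urllib.request import Request

# Placeholder endpoint (assumption): take the real token URL from the API Reference.
TOKEN_URL = "https://api.example.invalid/oauth2/token"


def basic_auth_header(client_id, client_secret):
    """RFC 6749 section 2.3.1: form-encode each part, join with ':', base64."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def token_request(client_id, client_secret, grant_type, token_url=TOKEN_URL, **params):
    """Build, without sending, a token request for the given grant."""
    if not token_url.startswith("https://"):
        raise ValueError("client secret must only be sent over TLS")
    if grant_type == "refresh_token" and not params.get("refresh_token"):
        raise ValueError("refresh_token grant needs the stored refresh_token")
    # The secret travels only in the Authorization header, never in the URL or body.
    body = urlencode({"grant_type": grant_type, **params}).encode("ascii")
    return Request(token_url, data=body, method="POST", headers={
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    })


def log_safe(req):
    """View of the request that is safe to log: credentials and tokens masked."""
    headers = {k: "<redacted>" if k.lower() == "authorization" else v
               for k, v in req.header_items()}
    return {"method": req.get_method(), "url": req.full_url, "headers": headers,
            "body": "<redacted>" if b"refresh_token=" in req.data else req.data.decode()}


# Constructed sample credentials, not real values.
partner = token_request("constructed-id", "s3cr3t:/+", "client_credentials")
on_behalf = token_request("constructed-id", "s3cr3t:/+", "refresh_token",
                          refresh_token="constructed-refresh-token")
```

Log only the `log_safe` view of a request: the Authorization header and the refresh_token are long-lived secrets and should be stored encrypted, not written to application logs.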

For customers

| Auth | Description |
| --- | --- |
| Customer API Token | Customers can generate an API Token in the Platform, and perform API requests on behalf of the user who generated the token. |

How to identify which authentication method is required?

The API Reference page lists all available endpoints. For each endpoint, a box in the right corner indicates the accepted authentication and authorization methods. Click on the question mark to learn more about specific auth methods.

Below are a couple of examples of where and how to locate them.

Example 1

Example of an endpoint that accepts the Customer API Token