GuidesAPI ReferenceChangelog
GuidesAPI ReferenceChangelogLog In


  • To get started with our APIs, use the endpoint below to generate an Access Token with your API credentials
  • The Access Token is a Bearer token to be included in the Authorization Header of all API requests
  • Multiple tokens may be generated and each are valid for 15 minutes, or 900 seconds


  • POST Generate an Access Token


Generate another access token when it expires, signaled by a 401 Unauthorized HTTP status code


client_id stringPlease see below for instructions on getting your credentials through Developer Dashboard
client_secret stringPlease see below for instructions on getting your credentials through Developer Dashboard
grant_type stringMust be client_credentials

Generate an Access Token

  • This endpoint generates a new access token using your API credentials
  • To comply with the OAuth2 standards of using client_credentials, Criteo API authorization now supports Content-Type: 'application/x-www-form-urlencoded'. See the example below.
// Sample Request
curl --location --request POST ''   --header 'Content-Type: application/x-www-form-urlencoded'   --data-urlencode 'client_id=CLIENT_ID'   --data-urlencode 'client_secret=CLIENT_SECRET'   --data-urlencode 'grant_type=client_credentials'
// Sample Response
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkVuTTBCZkFELUFrNXZwOU9RMW1ZWXR6T2RaMUVad2RWaHY5T3Z2cVA3YVUiLCJ0eXAiOiJKV1QifQ.eyJjdHg6dXNlcjpkaXNwbGF5TmFtZSI6IkJvYmJ5IFNpYW8gTGVpIEhhbiIsImN0eDp1c2VyOmVtYWlsIjoiYi5oYW5AY3JpdGVvLmNvbSIsImN0eDp1c2VyOnVpZCI6ImIuaGFuIiwiY3R4OnVzZXI6dW1zSWQiOiIzMjM4ODQiLCJzdWIiOiJ1Omk6Yi5oYW5AY3JpdGVvLmNvbSIsImlhdCI6MTYwMTQwNDM1NSwiZXhwIjoxNjAxNDA1MzE1LCJhZGQ6bWFwaTp1bmFtZSI6ImIuaGFuIiwic2NvcGUiOiJnYXRld2F5IiwiY2xpZW50X2lkIjoiYi5oYW4iLCJuYmYiOjE2MDE0MDQ0MTUsImlzcyI6ImNyaXRlby1leGFtb2F1dGgifQ.OI1W8utCbR2a2VbkxOZZaP2JyQ4b8Kf9R2x_yGRp9jjqclvm8huC_iHb9AECLmYVMUYWojvmbIOk0j0BRfLf1xYoOAIvNbcWN-SsrkYOXVh9mYruwOfKJb0t6j8MW7u03PbfvSRtn_29ar3V-7rimDqdMR_iTVhTlBLI0W3jSOCjzKK9sbg0REwtneBu4V3dFLaLNIxXj5EtyaTpLB3v71smFljBHtUC1Go8wRUX2P_GZfWYJCZhatx0xsN46oS8aGQl3a6N4nh4cqdJNA83Y44LYEKpky0ZmBwC9D5j9rpC-BDkUaeWlgkVSicy6yWh-S06JC4e3pJwUHskUMvoiA",
    "token_type": "Bearer",
    "expires_in": 900


Mandatory Content-Type header

Please ensure you include Content-Type: application/x-www-form-urlencoded header in your call to /oauth2/token endpoint.

Use an Access Token

  • Once you have obtained your access token, you can authenticate all subsequent requests by including an Authorization HTTP header, as in the example below:

Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkVuTTBCZkFELUFrNXZwOU9RMW1ZWXR6T2RaMUVad2RWaHY5T3Z2cVA3YVUiLCJ0eXAiOiJKV1QifQ.eyJjdHg6dXNlcjpkaXNwbGF5TmFtZSI6IkJvYmJ5IFNpYW8gTGVpIEhhbiIsImN0eDp1c2VyOmVtYWlsIjoiYi5oYW5AY3JpdGVvLmNvbSIsImN0eDp1c2VyOnVpZCI6ImIuaGFuIiwiY3R4OnVzZXI6dW1zSWQiOiIzMjM4ODQiLCJzdWIiOiJ1Omk6Yi5oYW5AY3JpdGVvLmNvbSIsImlhdCI6MTYwMTQwNDM1NSwiZXhwIjoxNjAxNDA1MzE1LCJhZGQ6bWFwaTp1bmFtZSI6ImIuaGFuIiwic2NvcGUiOiJnYXRld2F5IiwiY2xpZW50X2lkIjoiYi5oYW4iLCJuYmYiOjE2MDE0MDQ0MTUsImlzcyI6ImNyaXRlby1leGFtb2F1dGgifQ.OI1W8utCbR2a2VbkxOZZaP2JyQ4b8Kf9R2x_yGRp9jjqclvm8huC_iHb9AECLmYVMUYWojvmbIOk0j0BRfLf1xYoOAIvNbcWN-SsrkYOXVh9mYruwOfKJb0t6j8MW7u03PbfvSRtn_29ar3V-7rimDqdMR_iTVhTlBLI0W3jSOCjzKK9sbg0REwtneBu4V3dFLaLNIxXj5EtyaTpLB3v71smFljBHtUC1Go8wRUX2P_GZfWYJCZhatx0xsN46oS8aGQl3a6N4nh4cqdJNA83Y44LYEKpky0ZmBwC9D5j9rpC-BDkUaeWlgkVSicy6yWh-S06JC4e3pJwUHskUMvoiA
Accept: text/plain
Content-Type: application/*+json

Get your credentials through the Developer Portal (self-service)

  • To get your credentials, you need to create a Criteo account and then create an Organization and an App within the Developer Dashboard
  • Learn how to create an Organization and an App in these related articles Create your organization and Create your app
  • Once you have created an App you will be able to generate a set of Credentials through the following dashboard:
  • 💡 When creating a set of Credentials, you will automatically download a file with your API Key and API Secret like this
  • Make sure to keep your API Secret saved somewhere secure. We can only share the API Secret once with you!
  • You can use this dashboard to manage your API keys. You can also delete an API key from this dashboard. The key will stay valid for fifteen minutes before deactivating
  • 💡 You can change the name of your set of credentials by clicking directly on the credentials name in the dashboard. For example, Troubleshooting Credentials or Production Credentials
  • 💡 You will be limited to five API credentials for an App (for ex. one for production, one for troubleshooting, and three others for any other use cases you'd like)