Authentication
Introduction
To get started with our APIs, you will need to use the endpoint below to generate an Access Token, with your API credentials or authorization code. The Access Token is a Bearer token that needs to be included in the Authorization Header of all API requests. Multiple tokens may be generated and each is valid for 15 minutes, or 900 seconds
Endpoint
Generate an Access Token
POST https://api.criteo.com/oauth2/tokenIf you receive a
401 UnauthorizedHTTP status code, it means your access token has expired. Generate a new token to continue making authenticated requests.
Reference You can find this endpoint in our Reference section as well.
Parameters
| Parameter | Type | Description |
|---|---|---|
client_id | string | Please see below for instructions on getting your credentials through Partner Dashboard |
client_secret | string | Please see below for instructions on getting your credentials through Partner Dashboard |
grant_type | string | Must be client_credentials or authorization_code |
code | string | Only for Authorization Code apps. Authorization code returned during redirection |
redirect_uri | string | Only for Authorization Code apps. Must match the redirect_uri used for the authorization request. |
Generate an Access Token
- This endpoint generates a new access token using your API credentials or authorization code.
- To comply with the OAuth2 standards of using
client_credentials, Criteo API authorization supportsContent-Type: application/x-www-form-urlencoded, as shown in the example below:
POST https://api.criteo.com/oauth2/token// Sample Request
curl --location --request POST 'https://api.criteo.com/oauth2/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=CLIENT_ID' --data-urlencode 'client_secret=CLIENT_SECRET' --data-urlencode 'grant_type=client_credentials'
// Sample Response
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkVuTTBCZkFELUFrNXZwOU9RMW1ZWXR6T2RaMUVad2RWaHY5T3Z2cVA3YVUiLCJ0eXAiOiJKV1QifQ.eyJjdHg6dXNlcjpkaXNwbGF5TmFtZSI6IkJvYmJ5IFNpYW8gTGVpIEhhbiIsImN0eDp1c2VyOmVtYWlsIjoiYi5oYW5AY3JpdGVvLmNvbSIsImN0eDp1c2VyOnVpZCI6ImIuaGFuIiwiY3R4OnVzZXI6dW1zSWQiOiIzMjM4ODQiLCJzdWIiOiJ1Omk6Yi5oYW5AY3JpdGVvLmNvbSIsImlhdCI6MTYwMTQwNDM1NSwiZXhwIjoxNjAxNDA1MzE1LCJhZGQ6bWFwaTp1bmFtZSI6ImIuaGFuIiwic2NvcGUiOiJnYXRld2F5IiwiY2xpZW50X2lkIjoiYi5oYW4iLCJuYmYiOjE2MDE0MDQ0MTUsImlzcyI6ImNyaXRlby1leGFtb2F1dGgifQ.OI1W8utCbR2a2VbkxOZZaP2JyQ4b8Kf9R2x_yGRp9jjqclvm8huC_iHb9AECLmYVMUYWojvmbIOk0j0BRfLf1xYoOAIvNbcWN-SsrkYOXVh9mYruwOfKJb0t6j8MW7u03PbfvSRtn_29ar3V-7rimDqdMR_iTVhTlBLI0W3jSOCjzKK9sbg0REwtneBu4V3dFLaLNIxXj5EtyaTpLB3v71smFljBHtUC1Go8wRUX2P_GZfWYJCZhatx0xsN46oS8aGQl3a6N4nh4cqdJNA83Y44LYEKpky0ZmBwC9D5j9rpC-BDkUaeWlgkVSicy6yWh-S06JC4e3pJwUHskUMvoiA",
"token_type": "Bearer",
"expires_in": 900
}Mandatory Content-Type header
Please ensure you include
Content-Type: application/x-www-form-urlencodedheader in your call to the/oauth2/tokenendpoint.
Use an Access Token
Once you have obtained your access token, you can authenticate for all subsequent requests by including an Authorization HTTP header, as shown in the example below:
GET
https://api.criteo.com/2020-10/advertisers/me
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkVuTTBCZkFELUFrNXZwOU9RMW1ZWXR6T2RaMUVad2RWaHY5T3Z2cVA3YVUiLCJ0eXAiOiJKV1QifQ.eyJjdHg6dXNlcjpkaXNwbGF5TmFtZSI6IkJvYmJ5IFNpYW8gTGVpIEhhbiIsImN0eDp1c2VyOmVtYWlsIjoiYi5oYW5AY3JpdGVvLmNvbSIsImN0eDp1c2VyOnVpZCI6ImIuaGFuIiwiY3R4OnVzZXI6dW1zSWQiOiIzMjM4ODQiLCJzdWIiOiJ1Omk6Yi5oYW5AY3JpdGVvLmNvbSIsImlhdCI6MTYwMTQwNDM1NSwiZXhwIjoxNjAxNDA1MzE1LCJhZGQ6bWFwaTp1bmFtZSI6ImIuaGFuIiwic2NvcGUiOiJnYXRld2F5IiwiY2xpZW50X2lkIjoiYi5oYW4iLCJuYmYiOjE2MDE0MDQ0MTUsImlzcyI6ImNyaXRlby1leGFtb2F1dGgifQ.OI1W8utCbR2a2VbkxOZZaP2JyQ4b8Kf9R2x_yGRp9jjqclvm8huC_iHb9AECLmYVMUYWojvmbIOk0j0BRfLf1xYoOAIvNbcWN-SsrkYOXVh9mYruwOfKJb0t6j8MW7u03PbfvSRtn_29ar3V-7rimDqdMR_iTVhTlBLI0W3jSOCjzKK9sbg0REwtneBu4V3dFLaLNIxXj5EtyaTpLB3v71smFljBHtUC1Go8wRUX2P_GZfWYJCZhatx0xsN46oS8aGQl3a6N4nh4cqdJNA83Y44LYEKpky0ZmBwC9D5j9rpC-BDkUaeWlgkVSicy6yWh-S06JC4e3pJwUHskUMvoiA
Accept: text/plain
Content-Type: application/*+jsonOAuth Flow
You can find more details about how to implement OAuth flow for the different authentication methods in our OAuth implementation guides.
Updated 15 days ago