Provide your app name and description. You can also provide an optional image to identify your application. On your App page, you will be able to define the scope of your application and the OAuth parameters. See this page for more details on how to define your app scope.
Authentication method
Select your app authentication method. You will have the option to select Client Credentials or Authorization Code. To decide which option is best for your organization, review our OAuth implementation guide.
Select the domains to choose which permissions your application will need.
Once all these steps have been done, click “Activate app” to activate the application.
Redirect URI
Applications using the Authorization Code workflow will need to specify a Redirect URI as part of the app scope.
Once you have defined the scope of your application, you will be able to set what you need for the authorization code workflow.
Parameters
Description
client_id
Your public key, accessible in the app credentials section. You can add up to 5 pairs of credentials. Credentials can also be added and managed once the App has been activated.
client_secret
Your secret key, accessible only once, when creating a pair of client_id and client_secret in the credentials section. You can add up to 5 pairs of credentials. Credentials can also be added and managed once the App has been activated.
redirect_uri
The URL to redirect the user to after consent delegation. HTTPS protocol required. You can add up to 30 redirect URIs. Redirect URIs can also be added and managed once the App has been activated.
You can now publish the app, and start an authorization code workflow.
Once you have defined the parameters of your App, you can start implementing your authorization code flow.
Consent URL
To request access to a user’s data, you will create a Consent link (to be sent to the user or implemented through a button in your platform that will redirect the user to the link) with the following structure and parameters:
Authorization Code v. Client Credentials Consent URLs
If you are familiar with the Client Credentials workflow, you will notice that the partner portal does not show the “Generate Consent URL” button. This is because the authorization code workflow requires you to provide the redirect URI, which is unique to your organization, so consent URLs need to be constructed within your own workflow.
You will need to construct a consent URL similar to the example below while passing the required parameters for your application.
Now that you have an authorization code, you can trade it for an access token by making the following POST call. Your call will need to be set up this way:
POST https://api.criteo.com/oauth2/token
grant_type=authorization_code&code={code}&redirect_uri={redirect_uri}&client_id={client_id}&client_secret={client_secret}
A short-lived (valid for 900 seconds) access token*
refresh_token
A long-lived refresh token (that expires after 6 months) that can be used to renew the access token (see next section).
token_type=Bearer
Type of token.
expires_in
Lifetime of the token in seconds.
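The token exchange above, sketched as an added Python example (not Criteo's own code): it builds the POST without sending it and validates the response fields listed above. The helper names, the sample values, the JSON response body and the access_token field name are assumptions.

```python
import json
import time
import urllib.request
from urllib.parse import urlencode, urlsplit

TOKEN_URL = "https://api.criteo.com/oauth2/token"  # endpoint given on this page


def build_token_request(code, redirect_uri, client_id, client_secret, registered_uris):
    """Build (but do not send) the POST that trades an authorization code for tokens."""
    # redirect_uri must be HTTPS and exactly match one registered on the App page.
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must use HTTPS")
    if redirect_uri not in registered_uris:
        raise ValueError("redirect_uri is not one of the app's registered URIs")
    # urlencode() percent-encodes every value; the secret travels in the body,
    # never in the query string where it would end up in access logs.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw, now=None, skew=30):
    """Validate the token response fields and return them with an absolute renewal time."""
    data = json.loads(raw)  # assumption: the response body is JSON
    missing = {"access_token", "refresh_token", "token_type", "expires_in"} - data.keys()
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    if data["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # Renew slightly before expiry so an in-flight call never carries a stale token.
    data["renew_at"] = now + int(data["expires_in"]) - skew
    return data


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    uris = {"https://partner.example/callback"}
    req = build_token_request("sample-code", "https://partner.example/callback",
                              "sample-id", "sample-secret", uris)
    print(req.get_method(), req.full_url, len(req.data), "byte body")
    sample = '{"access_token":"a","refresh_token":"r","token_type":"Bearer","expires_in":900}'
    print(parse_token_response(sample, now=0)["renew_at"])
```

Pass the returned request to urllib.request.urlopen() to perform the call, and keep client_secret and both tokens out of application logs.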
Token Lifetime
The refresh token will be revoked if the user who provided consent to an account changes role or leaves the organization. Such an account needs to be re-authorized by launching a new consent flow and having the new administrator accept the consent.
FAQ
What happens if my client_id and client_secret are compromised?
You will need to delete the set of credentials in the App page and create a new one. You will then need to request access from your users again.