Skip to main content

Introduction

To get started with our APIs, you will need to use the endpoint below to generate an Access Token, with your API credentials or authorization code. The Access Token is a Bearer token that needs to be included in the Authorization Header of all API requests. Multiple tokens may be generated and each is valid for 15 minutes, or 900 seconds

Endpoint

Generate an Access Token

POST https://api.criteo.com/oauth2/token
If you receive a 401 Unauthorized HTTP status code, it means your access token has expired. Generate a new token to continue making authenticated requests.
Reference You can find this endpoint in our Reference section as well.

Parameters

Parameter

Type

Description

client_id

string

Please see below for instructions on getting your credentials throughPartner Dashboard

client_secret

string

Please see below for instructions on getting your credentials throughPartner Dashboard

grant_type

string

Must beclient_credentialsorauthorization_code

code

string

Only for Authorization Code apps. Authorization code returned during redirection

redirect_uri

string

Only for Authorization Code apps. Must match theredirect_uriused for the authorization request.


Generate an Access Token

  • This endpoint generates a new access token using your API credentials or authorization code.
  • To comply with the OAuth2 standards of using client_credentials, Criteo API authorization supports Content-Type: application/x-www-form-urlencoded, as shown in the example below:
POST https://api.criteo.com/oauth2/token
Mandatory Content-Type headerPlease ensure you include Content-Type: application/x-www-form-urlencoded header in your call to the /oauth2/token endpoint.

Use an Access Token

Once you have obtained your access token, you can authenticate for all subsequent requests by including an Authorization HTTP header, as shown in the example below:
Header
GET
https://api.criteo.com/2020-10/advertisers/me

Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkVuTTBCZkFELUFrNXZwOU9RMW1ZWXR6T2RaMUVad2RWaHY5T3Z2cVA3YVUiLCJ0eXAiOiJKV1QifQ.eyJjdHg6dXNlcjpkaXNwbGF5TmFtZSI6IkJvYmJ5IFNpYW8gTGVpIEhhbiIsImN0eDp1c2VyOmVtYWlsIjoiYi5oYW5AY3JpdGVvLmNvbSIsImN0eDp1c2VyOnVpZCI6ImIuaGFuIiwiY3R4OnVzZXI6dW1zSWQiOiIzMjM4ODQiLCJzdWIiOiJ1Omk6Yi5oYW5AY3JpdGVvLmNvbSIsImlhdCI6MTYwMTQwNDM1NSwiZXhwIjoxNjAxNDA1MzE1LCJhZGQ6bWFwaTp1bmFtZSI6ImIuaGFuIiwic2NvcGUiOiJnYXRld2F5IiwiY2xpZW50X2lkIjoiYi5oYW4iLCJuYmYiOjE2MDE0MDQ0MTUsImlzcyI6ImNyaXRlby1leGFtb2F1dGgifQ.OI1W8utCbR2a2VbkxOZZaP2JyQ4b8Kf9R2x_yGRp9jjqclvm8huC_iHb9AECLmYVMUYWojvmbIOk0j0BRfLf1xYoOAIvNbcWN-SsrkYOXVh9mYruwOfKJb0t6j8MW7u03PbfvSRtn_29ar3V-7rimDqdMR_iTVhTlBLI0W3jSOCjzKK9sbg0REwtneBu4V3dFLaLNIxXj5EtyaTpLB3v71smFljBHtUC1Go8wRUX2P_GZfWYJCZhatx0xsN46oS8aGQl3a6N4nh4cqdJNA83Y44LYEKpky0ZmBwC9D5j9rpC-BDkUaeWlgkVSicy6yWh-S06JC4e3pJwUHskUMvoiA
Accept: text/plain
Content-Type: application/*+json
OAuth FlowYou can find more details about how to implement OAuth flow for the different authentication methods in our OAuth implementation guides.

What’s next