GuidesAPI ReferenceChangelog
GuidesAPI ReferenceChangelog
GuidesAPI ReferenceChangelogLog In
Guides

Authorization Requests

Suggest Edits

Introduction

Before advertisers can start using an app or integration built with the API, they must grant it access through an authorization request. All apps need to send an authorization request to advertisers to read or manage actions on their behalf.

Consent Granting Steps

  • On the Developer Dashboard, app developers set up the application, select the necessary permissions (domains), and activate the app. Once completed, the API app will need access to an account to use API endpoints. The developer will generate a consent URL and share it with the advertiser to request consent.

  • Advertisers choose which portfolios to grant or deny access. The following roles can grant or deny access:

    • Admin,
    • Business Managers,
    • Technical Managers.

  • The consent URL redirects the advertiser to the Criteo consent dashboard.

    • Log in using your Criteo credentials, and you'll be redirected to the Access request page. Here, consent granters can see the organization and API application requesting consent, the requested permission level, and the accounts they can grant access to.

    • Advertisers with the appropriate role select the account(s) and click "Approve" to grant the API app access.
    • Once approved, the API application can access the account via the endpoints.

Types of Permissions

Each app requests different permissions based on its purpose, linked to campaign aspects like Audiences, Budgets, Creatives, or Analytics.

  • Read-only: Grants access to view an advertiser’s data or campaign details without making changes. For example, an app that generates campaign reports.
  • Manage: Allows an app to modify campaigns, ad sets, or ads. For example, an app that automates CPC settings or uploads a Contact List.

The access provided by each permission type depends on the application's requested domains.

ApplicationNo accessReadManage
AnalyticsYour application will not have
access to any of the retail
media analytics endpoints.		Your application will have access to retrieve reporting data using the retail media analytics endpoints.
AudiencesYour application will not have access to any of the retail media audience endpoints.Your application will have access to retrieve audiences and make calls to GET endpoints only.Your application will have access to all audience endpoints, which includes both GET and POST endpoints.
CampaignsYour application will not have access to any of the retail media campaign management endpoints. This includes all campaign and line-item management features, balances, catalogs and creatives.Your application can only retrieve campaign man agent details. This includes GET endpoints only.Your application will have access to all campaign management endpoints, which includes all GET and POST endpoints.

Managing and Revoking Access

The consent dashboard also lets advertisers view all apps with granted access, including the specific portfolios, permissions, and access dates. Access can be revoked by Admins, Business Managers, or Technical Managers for the Retail Media platform, following a process similar to granting consent.

Updated 5 days ago

What’s Next