Private Market Programmatic Consent Granting
Overview
The programmatic consent granting process for private market will involve two API applications: the Admin app (client credentials) and the Business app (authorization code).
Admin App
- Responsible for account creation and consent granting
- Will use the client credential workflow
- A retailer admin will grant consent on behalf of a retailer's supply account (using consent portal)
- The admin app will use the new "Accounts" domain only
Business App
- Will be responsible for all API operations on behalf of private market demand accounts
- Will use the authorization code workflow
- Consent will be managed through the admin app
- The app will use all other domains except the new "Accounts" domain (Analytics, Audience, Campaigns)
Admin Application
- Log into your partners.criteo.com account to create the admin app. In the following steps we will create a new "Client Credentials" application.
Step 1. Creating your admin application
- Begin creating the admin application by providing the app details and click next
- For the admin application we will be using the Client Credentials as the authentication method. Choose the option and click create
- Select the C-Max and Retail media as your application service
- Select only the "Accounts" domain and provide manage access
Information
When selecting the Accounts domain you will be shown the message: "Applications that select “Manage Accounts” will also be granted Campaign Read permissions. This option cannot be combined with any other authorization type." This is expected, and you can just click the "Got it" button. Campaign Read will be added automatically as it is currently needed to fetch the accounts.
- Click "Activate App"
- In the App credentials section of your app details, click "Create new key" to download your keys. Store them somewhere safe.
- Generate a consent URL and send it to your account administrator. Users with admin, business manager or technical manager roles are allowed to grant consent.
Business Application
Step 2. Creating your business application
- Begin creating the business application by providing the app details and click next
- For the business application we will be using the Authorization code as the authentication method. Choose the option and click create
- Select the C-Max and Retail media as your application service
- Select all relevant authorization domains that your users will need to access and Activate App.
⚠️ NOTE: for the business app we will not be selecting the "Accounts" domain
- Click "Activate App"
- In the App credentials section of your app details, click "Create new key" to download your keys. Store them somewhere safe.
- Generate a consent URL and send it to your account administrator. Users with admin, business manager or technical manager roles are allowed to grant consent.
Redirect URI
In the Redirect URI section of your app details, register the callbackUrl where Criteo API will send your authorization code when consent is granted.
Demo with Postman
In the following demo we will do a simple step-by-step walkthrough using Postman.
Step 3. Authenticate the Criteo API with the Admin app
- Generate a token for your Admin App with the credentials created in step 1.4. In this step you will need to run a POST | https://api.criteo.com/oauth2/token API call.
Sample Request
curl -X POST "https://api.criteo.com/oauth2/token" \
-d 'client_id={ADMIN CLIENT_ID}' \
-d 'client_secret={ADMIN CLIENT_SECRET}' \
-d 'grant_type=client_credentials'
Sample Response
{
"access_token": "<TOKEN STRING>",
"token_type": "Bearer",
"expires_in": 900
}
Step 4. Grant Account Consent
- Using the token generated in step 3.1, make a POST call to the consent grant endpoint. The endpoint should respond with a 204 response status.
# callbackUrl: the redirect URI you registered on the partner portal
# callbackState: optional, but we recommend you pass the account id so you can associate it with the right token
curl -L -X POST 'https://api.criteo.com/preview/retail-media/accounts/{demand-account-id}/grant-consent' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <<ACCESS TOKEN FROM ADMIN APP>>' \
-d '{
  "data": {
    "type": "GrantConsentModel",
    "attributes": {
      "clientId": "{BUSINESS APP CLIENT ID}",
      "callbackUrl": "{BUSINESS APP CALLBACK URL}",
      "callbackState": "{DEMAND ACCOUNT ID}"
    }
  }
}'
Grant Consent Attributes
- clientId - your business client id that was generated in step 2.6
- callbackUrl - the redirect URI you registered on the partner portal
- callbackState (optional) - This is an optional parameter but we recommend you pass the account id so you can associate it with the right token
Step 5. Exchange Auth. Code Token Linked to Demand Account
- As soon as you’ve completed step 4.1 you should receive a callback to your callback URL with the code. Use the code to make an additional POST | /oauth2/token call with the code. The business app should use this token to request a pair of access and refresh tokens.
curl -L -X POST 'https://api.criteo.com/oauth2/token' \
-H 'Authorization: Bearer <<TOKEN>>' \
-d 'grant_type=authorization_code' \
-d 'client_id={{BUSINESS APP CLIENT ID}}' \
-d 'client_secret={{BUSINESS APP CLIENT SECRET}}' \
-d 'code={{CODE}}' \
-d 'redirect_uri={BUSINESS APP CALLBACK URL}'
- You're now ready to make calls to Criteo API using the Business App
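A callback handler for steps 4 and 5 that binds the returned code to the right demand account, as an added example that is not part of the original page or Criteo's own code. It signs the account id placed in callbackState and verifies it when the redirect arrives; the query parameter names `code` and `state`, the host partner.example used in testing and the 600-second validity window are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

STATE_KEY = secrets.token_bytes(32)  # constructed here; load from a secret store in practice
STATE_TTL = 600                      # assumed validity window in seconds
_used = set()                        # payloads already redeemed (single use)


def _tag(payload):
    """HMAC-SHA256 over the state payload, hex encoded."""
    return hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_callback_state(account_id, now=None):
    """Build the callbackState for step 4: account id, issue time and nonce, signed."""
    issued = int(time.time() if now is None else now)
    payload = f"{account_id}.{issued}.{secrets.token_hex(8)}"
    return f"{payload}.{_tag(payload)}"


def account_from_callback(callback_url, now=None):
    """Validate the redirect and return (account_id, code) for the step 5 exchange."""
    query = parse_qs(urlsplit(callback_url).query)
    code = query.get("code", [""])[0]    # assumed parameter name
    state = query.get("state", [""])[0]  # assumed parameter name
    if not code:
        raise ValueError("callback carries no authorization code")
    payload, _, tag = state.rpartition(".")
    # Constant-time comparison; rejects states we did not issue or that were altered.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        raise ValueError("state was not issued by this service or was altered")
    account_id, issued, _nonce = payload.rsplit(".", 2)
    current = time.time() if now is None else now
    if current - int(issued) > STATE_TTL:
        raise ValueError("state expired")
    if payload in _used:
        raise ValueError("state already redeemed")
    _used.add(payload)
    return account_id, code
```

Store the tokens returned by step 5 under the account id this function returns, not under any value read directly from the query string.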