GuidesAPI ReferenceChangelog
GuidesAPI ReferenceChangelogLog In
Guides

Authorization Requests

Before an advertiser can start using an app or integration built with the API, the advertiser has to grant it access. This is accomplished through an authorization request.

All apps must send an authorization request to advertisers in order to read or manage actions on the advertiser’s behalf.

Steps

  • On the Developer Dashboard, the app developer sets up the app, picking a name, description, and logo

    • The app developer selects which permissions the app will need access to

    • The app developer generates a URL to share with an advertiser. Note: Once this URL is generated, the app name, description, and scope cannot be changed

    • The app developer shares the link with the advertiser

    • The advertiser is directed to the Consent Dashboard and prompts the advertiser to login if required

    • The advertiser sees the authorization request, which has information about the app and the requested permissions

    • The advertiser decides which portfolios to grant or deny access. The following user roles have permissions to grant/deny application access:

      • Admin
      • Business Managers
      • Technical Managers

Types of permissions

Each app will request different permissions, based on its purpose. These permissions will be tied to different aspects of campaigns, such as Audiences, Budgets, Creatives, or Analytics.

There are two types of permissions that an app might request.

Read-only: These permissions request access to read an advertiser’s data or campaign details. They can only pull information; they do not modify a campaign in any way. An example would be an app that reads an advertiser’s data to create campaign reports.

Manage: These permissions allow an app to make changes to an advertisers’ campaign, ad set, or ad. An example would be an app to automate setting CPCs for campaigns or uploading a Contact List.

Granting Access

When an advertiser receives an authorization request, they will be redirected to the Consent Dashboard.

Here they will see information about the app, including its name, description, logo, and the app’s company name and email.

This request will include details about the requested permissions. The advertiser can choose which of its portfolios to grant access to. This action can only be done by Advertiser Admin, Business managers, or Technical managers as specified in the Retail Media Platform.

Managing and revoking access

The consent dashboard is also where the advertiser can see all the apps granted access.

They can see which portfolios each app has access to, the specific permissions, and when access was granted.

This is also where access can be revoked for any particular app. Advertiser Admin, Business managers, or Technical managers can only do these actions as specified in the Retail Media Platform.