Authorization Requests
Before an advertiser can start using an app or integration built with the API, the advertiser has to grant it access. This is accomplished through an authorization request.
All apps must send an authorization request to advertisers in order to read or manage actions on the advertiser’s behalf.
Consent Granting Steps
-
On the Developer Dashboard, the app developer will setup the application, select the permissions (domains) necessary and activate the app. Once these steps have been completed, the API app will require access to an account if it wishes to use API endpoints with that account. In the next step of the process the app developer will generate a consent URL and share with the advertiser to request consent.
-
The advertiser decides which portfolios to grant or deny access. The following user roles have permissions to grant/deny application access:
- Admin
- Business Managers
- Technical Managers
-
The consent URL will redirect the advertiser to the Criteo consent dashboard
- Log into the consent dashboard using your Criteo login and you will be redirected to the "Access request" page. In this page consent granters will see the organization and API application requesting consent, the permission level the app is requesting, and the accounts in their portfolio that they will be able to grant consent.
- The advertiser with one of the following roles above will select the account(s) from their portfolio and click "Approve" to grant the API application access.
- Once this step is completed, the API application is now ready to access the account using our endpoints!
Types of Permissions
Each app will request different permissions, based on its purpose. These permissions will be tied to different aspects of campaigns, such as Audiences, Budgets, Creatives, or Analytics.
There are two types of permissions that an app might request.
- Read-only: These permissions request access to read an advertiser’s data or campaign details. They can only pull information; they do not modify a campaign in any way. An example would be an app that reads an advertiser’s data to create campaign reports.
- Manage: These permissions allow an app to make changes to an advertisers’ campaign, ad set, or ad. An example would be an app to automate setting CPCs for campaigns or uploading a Contact List.
The following describes what type of access each permission will provide the application
Analytics | Audiences | Campaigns |
---|---|---|
No access - your application will not have access to any of the retail media analytics endpoints - Read - your application will have access to retrieve reporting data using the retail media analytics endpoints | No access - your application will not have access to any of the retail media audience endpoints Read - your application will have access to retrieve audiences and make calls to GET endpoints only - Manage - your application will have access to all audience endpoints, which includes both GET and POST endpoints | - No access - your application will not have access to any of the retail media campaign management endpoints. This includes all campaign and line-item management features, balances, catalogs and creatives. - Read - your application can only retrieve campaign man agent details. This includes GET endpoints only - Manage - your application will have access to all campaign management endpoints, which includes all GET and POST endpoints |
Managing and Revoking Access
The consent dashboard is also where the advertiser can see all the apps granted access. They can see which portfolios each app has access to, the specific permissions, and when access was granted. This is also where access can be revoked for any particular app. Similar to granting consent, only the advertiser Admin, Business managers, or Technical managers can complete this action for the Retail Media platform.
Updated 7 months ago