HomeGuidesChangelog
Log In
Guides

Using tokens

Suggest Edits

Introduction

Clients can opt to use tokens to avoid exposing the API calls to unauthorized parties. This only works if the calls are made server-side, as anyone can see the token if the call is made client-side from the browser. There are two types of tokens: static and dynamic.

If the token is incorrect or missing, you will receive a 401 response with the following content:

{"Status Message":"Unauthorized"}

Static tokens

  • Contact Your TAM: Reach out to your Technical Account Manager (TAM) to get a token generated internally.
  • Token sharing: The TAM will share the token with you.
  • Authentication header: Add the token in the authentication header of your API calls.

Dynamic tokens

A dynamic token expires after some time. Each time it expires, you need to make a new request to the authentication service to generate a new token.

  • Set up an app: Generate an API token by setting up an app in our developer portal. Follow the instructions here: Configuring Your API Application.
  • Share application ID: Share your application_id with your TAM. This ID will be used to set up our authentication server.
  • Authentication request: Make an authentication request as described here: Authentication.
  • Get token: You will receive a token that can be used to make calls to the Delivery API.

Example of API calls with authentication

Static token example

curl -X GET "https://d.us.criteo.com/delivery/retailmedia" \
--data-urlencode "criteo-partner-id=12345" \
--data-urlencode "retailer-visitor-id=123" \
--data-urlencode "customer-id=456" \
--data-urlencode "event-type=viewHome" \
--data-urlencode "page-id=viewHome_API_desktop" \
-H "Authorization: Bearer YOUR_STATIC_TOKEN" \
-H "Referer: www.criteo.com" \
-H "X-Forwarded-For: 123.456.789.012" \
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"

Dynamic token example

  1. Request token
curl -X POST 'https://api.criteo.com/oauth2/token' \
-H 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=YOUR_CLIENT_ID' \
--data-urlencode 'client_secret=YOUR_CLIENT_SECRET'
  1. Use token
curl -X GET "https://d.us.criteo.com/delivery/retailmedia" \
--data-urlencode "criteo-partner-id=12345" \
--data-urlencode "retailer-visitor-id=123" \
--data-urlencode "customer-id=456" \
--data-urlencode "event-type=viewHome" \
--data-urlencode "page-id=viewHome_API_desktop" \
-H "Authorization: Bearer YOUR_DYNAMIC_TOKEN" \
-H "Referer: www.criteo.com" \
-H "X-Forwarded-For: 123.456.789.012" \
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"

Updated 6 months ago

What’s Next