> ## Documentation Index
> Fetch the complete documentation index at: https://developers.criteo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication Tokens

## Introduction

Clients can opt to use tokens to avoid exposing server-side API calls to unauthorized parties. There are two types of tokens: **static** and **dynamic**.

If the token is incorrect or missing, you will receive a 401 response with the following content:

```json theme={null}
{"Status Message":"Unauthorized"}
```

***

### Static Tokens

* **Contact your technical representative**: Reach out to your Technical Account Manager to have a token generated internally and shared with your team.
* **Authentication header**: Add the token in the authentication header of your API calls.

***

### Dynamic Tokens

A dynamic token expires after a certain period. Every time it expires, you must make a new request to the authentication service to generate a fresh token.

* **Set up an app**: Generate an API token by setting up an app in our developer portal. Follow the instructions here: [Configuring Your API Application](/retail-media/v2024.10/docs/configuring-your-api-application).
* **Share application ID**: Share your `application_id` with your TAM. This ID will be used to set up our authentication server.
* **Authentication request**: Make an authentication request as described here: [Authentication](/retail-media/docs/authentication).
* **Get token**: You will receive a token that can be used to make calls to the ad delivery API.

***

## Example of API Calls with Authentication

### Static token example

```bash theme={null}
curl -X GET "https://d.us.criteo.com/delivery/retailmedia" \
--data-urlencode "criteo-partner-id=12345" \
--data-urlencode "retailer-visitor-id=123" \
--data-urlencode "customer-id=456" \
--data-urlencode "event-type=viewHome" \
--data-urlencode "page-id=viewHome_API_desktop" \
-H "Authorization: Bearer YOUR_STATIC_TOKEN" \
-H "Referer: www.criteo.com" \
-H "X-Forwarded-For: 123.456.789.012" \
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
```

***

### Dynamic token example

1. **Request token**

```bash theme={null}
curl -X POST 'https://api.criteo.com/oauth2/token' \
-H 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=YOUR_CLIENT_ID' \
--data-urlencode 'client_secret=YOUR_CLIENT_SECRET'
```

2. **Use token**

```bash theme={null}
curl -X GET "https://d.us.criteo.com/delivery/retailmedia" \
--data-urlencode "criteo-partner-id=12345" \
--data-urlencode "retailer-visitor-id=123" \
--data-urlencode "customer-id=456" \
--data-urlencode "event-type=viewHome" \
--data-urlencode "page-id=viewHome_API_desktop" \
-H "Authorization: Bearer YOUR_DYNAMIC_TOKEN" \
-H "Referer: www.criteo.com" \
-H "X-Forwarded-For: 123.456.789.012" \
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
```

***

<br />

<br />

## What's next

* [API parameters](/retailer-integration/docs/api-parameters-1)
