After obtaining an Access Token, include it in the Authorization
header of each API request. (The Access Token identifies who you are - and your set of permissions.)
GET /backstage/api/1.0/{account_id}/campaigns/ HTTP/1.1
Host: backstage.taboola.com
Authorization: Bearer {access_token}
Content-Type: application/json
Replace
{access_token}
with your actual token.
An Access Token is valid for 12 hours. Once revoked, you will need to obtain a new one. You can do so in 1 of 2 ways:
a) Submit a Refresh Token.
OR
b) Initiate a new authentication flow.
Either of the following will result in a 401 Unauthorized response:
- An invalid or expired Access Token.
- An API call that is missing an
Authorization
header.