{BU} The Access Token

After obtaining an Access Token, include it in the Authorization header of each API request. (The Access Token identifies who you are - and your set of permissions.)

GET /backstage/api/1.0/{account_id}/campaigns/ HTTP/1.1
Host: backstage.taboola.com
Authorization: Bearer {access_token}
Content-Type: application/json


Replace {access_token} with your actual token.

An Access Token is valid for 12 hours. Once it expires, you will need to initiate a new authentication flow. (In certain special cases, you can submit a Refresh Token instead.)


401 Unauthorized

Either of the following will result in a 401 Unauthorized response:

  1. An API request that is missing an Authorization header.
  2. An invalid or expired Access Token.