Authentication Basics


The Taboola Backstage API uses OAuth2 for authentication.

The concept is simple:

  1. Get an Access Token from the Authorization Server. (You can choose from 4 possible flows.)
  2. Include the Access Token in the header of each API request. (See next topic.)

Client ID

All requests to the Authorization Server must include a client_id. That way, the Authorization Server knows which user is making the request.

The user credentials provided to you by Taboola will allow you to perform operations on behalf of your account.

Client Secret

In order to use the Client Credentials flow, you will also need a client_secret.


Ask your Taboola Account Manager for your client_id and client_secret.


Your client_secret is confidential - keep it secret.