oAuth2
The Taboola Backstage API uses OAuth2 for authentication.
The concept is simple:
- Using your
client_id
andclient_secret
, get an Access Token from the Authorization Server - Include the Access Token in the header of each API request.
Client ID and Client Secret
When requesting an Access Token you must include your client_id
and client_secret
. This enables the Authorization Server to identify the user account requesting authorization.
Ask your Taboola Account Manager to provide you with a
client_id
andclient_secret
.
Your
client_secret
is confidential - keep it secret.
The Access Token
After obtaining an Access Token, include it in the Authorization
header of each API request. (The Access Token identifies who you are - and your set of permissions.)
GET /backstage/api/1.0/{account_id}/campaigns/ HTTP/1.1
Host: backstage.taboola.com
Authorization: Bearer {access_token}
Content-Type: application/json
Replace
{access_token}
with your actual token.
An Access Token is valid for 12 hours. Once it expires, you will need to initiate a new authentication flow. (In certain special cases, you can submit a Refresh Token instead.)
401 Unauthorized
Either of the following will result in a 401 Unauthorized response:
- An API request that is missing an
Authorization
header.- An invalid or expired Access Token.