Implicit Flow


This flow requires special authorization from Taboola.

For more information, reach out via our online Community.


Quick summary

  1. Redirects the user to Taboola for authentication.
  2. Returns an Authorization Code that is used to obtain an Access Token and Refresh Token.

This flow is less secure than the Authorization Code Flow - authorization is implicit, and no Authorization Code is required.


  1. User clicks on Connect within your App.
  2. Your App redirects the user to a Taboola login page:
    • [authentication_domain]/authentication/oauth/authorize/?client_id=[client_id]&redirect_uri=[redirect_uri]&response_type=token
    • Note: authentication_domain =
  3. User logs in and authorizes your App.
  4. Taboola redirects the user back to your App, using the redirect_uri that you provided. The user's Access Token is passed as part of a URL fragment:
    • [redirect_uri]#access_token=[access_token]&expires_in=[expires_in]


You must register the redirect_uri with Taboola. Otherwise, the redirect will fail.


No Refresh Token is returned. If the current Access Token is invalidated, the user must go through the complete authentication flow again.