Implicit Flow

Redirects the user to Taboola for authentication.
Returns an Access Token.

Within Taboola, this flow is reserved for special use cases only.

For more information, reach out via our online Community.

The following steps apply:

  1. User clicks on Connect within your App.
  2. Your App redirects the user to a Taboola login page:
    • [authentication_domain]/authentication/oauth/authorize/?client_id=[client_id]&redirect_uri=[redirect_uri]&response_type=token
    • Note: authentication_domain = https://authentication.taboola.com

🚧

You must register the redirect_uri with Taboola. Otherwise, the redirect will fail. For more information, reach out via our online Community.

  1. User logs in and authorizes your App.
  2. Taboola redirects the user back to your App, using the redirect_uri that you provided. The user's Access Token is passed as part of a URL fragment:
    • [redirect_uri]#access_token=[access_token]&expires_in=[expires_in]

🚧

This flow is less secure than Flow 4. (Authorization is implicit - no Authorization Code is required.)

📘

No Refresh Token is returned. If the current Access Token is invalidated, the user must go through the complete authentication flow again.