Making Requests

In this topic, we review some basic concepts for making API requests.


In general, each Taboola Backstage API request should have 2 headers:

1. Authorization
2. Content-Type

These are explained below.

Authorization Header

Obtain an Access Token and include it in the Authorization header of each API request:

Authorization: Bearer [access_token]

(For more information about the Access Token, see Authentication Basics.)


The token endpoint itself (used to obtain an Access Token) does not require an Authorization Header.

Content-Type Header

In general, when submitting data to the server, the request should include a Content-Type header with the value application/json:

Content-Type: application/json

Request Example

GET /backstage/api/1.0/ [account_id]/campaigns/[campaign_id]/
Authorization: Bearer [access_token]
Content-Type: application/json


Requests that fetch data need not include a Content-Type header.


A handful of Backstage API endpoints use a different Content-Type - e.g. the token endpoint. These exceptions are highlighted in the relevant topics.


If you submit a request that writes data (e.g. POST, PUT, PATCH) and omit the Content-Type header, the server will return 415 Unsupported Media Type.

    "http_status": 415,
    "message": "application/octet-stream content type is not supported by the requested resource"


All requests must use SSL (https). Non-secure requests will be ignored.

Account ID

Most API requests expect an account_id path parameter. This is the Advertiser (or Publisher) account for which the operation will be applied.

The account_id is an alphabetic string. For more details, see Your Account ID (below).