API ReferenceCommunity DiscussionAnnouncementsSubscribe
API ReferenceAnnouncementsCommunity Discussion
API ReferenceCommunity DiscussionAnnouncementsSubscribeLog In

Making Requests

In this topic, we review some basic concepts for making API requests.

Headers

In general, each Taboola Backstage API request should have 2 headers:

1. Authorization
2. Content-Type

These are explained below.

Authorization Header

Obtain an Access Token and include it in the Authorization header of each API request:

Authorization: Bearer [access_token]

(For more information about the Access Token, see Authentication Basics.)

πŸ“˜

The token endpoint itself (used to obtain an Access Token) does not require an Authorization Header.

Content-Type Header

In general, when submitting data to the server, the request should include a Content-Type header with the value application/json:

Content-Type: application/json

Request Example

GET /backstage/api/1.0/ [account_id]/campaigns/[campaign_id]/

Host: https://backstage.taboola.com
Authorization: Bearer [access_token]
Content-Type: application/json

πŸ“˜

Requests that fetch data need not include a Content-Type header.

πŸ“˜

A handful of Backstage API endpoints use a different Content-Type - e.g. the token endpoint. These exceptions are highlighted in the relevant topics.

🚧

If you submit a request that writes data (e.g. POST, PUT, PATCH) and omit the Content-Type header, the server will return 415 Unsupported Media Type.

{
    "http_status": 415,
    "message": "application/octet-stream content type is not supported by the requested resource"
}

SSL

All requests must use SSL (https). Non-secure requests will be ignored.

Account ID

Most API requests expect an account_id path parameter. This is the Advertiser (or Publisher) account for which the operation will be applied.

The account_id is an alphabetic string. For more details, see Your Account ID (below).