API Authentication

1. Requesting Access

Requests are authenticated using a standard two-legged OAuth2 flow: an access_token is requested using an encoded API Key, and the resulting access_token is used to authenticate against future requests. Access tokens have a 1-hour lifetime and cannot be refreshed - once a token expires you simply request a new one with your Publisher Reporting API Key/Marketing API Key.

Example Request

POST /v1/oauth2/token 
Host: api.tapjoy.com 
Authorization: Basic <Publisher Reporting API Key> 
Accept: application/json; */* 

Success Response

status 200 
{ 
“access_token”: “token_string”, 
“token_type”: “bearer”, 
“expires_in”: 3600, 
“refresh_token”: null 
} 

Bad Credentials Response

status 401
{ 
“error”: “Unauthorized” 
} 

2. Using the Access Token

Once you have an access_token, requests can be made to the API. The access_token should be sent with every request in the Authorization header with a type of “Bearer”. If the access_token has expired or does not exist the response will have a status of 401 Unauthorized.

Example Request

POST /v4/audiences 
Host: api.tapjoy.com 
Authorization: Bearer <token_string> 
Accept: application/json; */* 

Missing/Invalid Token Response

status 401 
{ 
“error”: “Unauthorized” 
}