Quickstart

1. Authentication

Requests are authenticated using a standard two-legged OAuth2 flow: an access_token is requested using the publisher reporting api key, and the resulting access_token is used to authenticate against future requests. Access tokens have a 1-hour lifetime and cannot be refreshed: once a token expires you simply request a new one with your api key.

The Publisher Reporting API Key should be retrieved from the dashboard (via Settings > App Settings) while logged in as an admin account (i.e. one that has full access to all dashboard data). If not, the API might return an "empty" response even though data is available.

image_title

A. Example Request

POST /v1/oauth2/token
Host: api.tapjoy.com
Authorization: Basic [base_64(Publisher Reporting API Key)]
Accept: application/json; */*

B. Success Response

status 200
{
  “access_token”: “token_string”,
  “token_type”: “bearer”,
  “expires_in”: 3600,
  “refresh_token”: null
}

C. Bad Credentials Response

status 401
{
  “error”: “Bad or missing authentication token”
}

2. Making a request

Once you have an access_token requests can be made to the rest of the API. The access_token should be sent with every request in the Authorization header with a type of “Bearer”. If the access_token has expired or does not exist the response will have a status of 401 Unauthorized. The token generally lasts for 1 hour.

Example Request

GET /v2/publisher/reports?
Host: api.tapjoy.com
Authorization: Bearer [Access token]
Accept: application/json; */*