Requests are authenticated using a standard two-legged OAuth2 flow: an access_token
is requested using an encoded API Key, and the resulting access_token
is used to authenticate against future requests.
You can find your API key in the LTV Dashboard by selecting an App -> Settings -> App Settings -> Scroll down -> API Keys.
Access tokens have a 1-hour lifetime and cannot be refreshed. Once a token expires you must request a new one with your Reporting API Key/Marketing API Key.
To request an access token you must send a POST request with an Authorization header using your API Key. If the credentials are valid the response will include an access token and the number of seconds until the token expires.
Example Request
POST /v1/oauth2/token
Host: api.tapjoy.com
Authorization: Basic <API Key>
Accept: application/json
Successful Response
status 200
{
“access_token”: “token_string”,
“token_type”: “bearer”,
“expires_in”: 3600,
“refresh_token”: null
}
Unsuccessful Response
status 401
{
“error”: “Unauthorized”
}
Once you have an access_token
, requests can be made to the API. The access_token
should be sent with every request in the Authorization header with a type of “Bearer”. If the access_token
has expired or does not exist the response will have a status of 401 Unauthorized.
Example Request
POST /v4/audiences
Host: api.tapjoy.com
Authorization: Bearer <token_string>
Accept: application/json
Missing/Invalid Token Response
status 401
{
“error”: “Unauthorized”
}