API Authentication

1. Requesting Access

Requests are authenticated using a standard two-legged OAuth2 flow: an access_token is requested using an encoded API Key, and the resulting access_token is used to authenticate against future requests.

You can find your API key in the LTV Dashboard by selecting an App -> Settings -> App Settings -> Scroll down -> API Keys.

image_title

Access tokens have a 1-hour lifetime and cannot be refreshed. Once a token expires you must request a new one with your Reporting API Key/Marketing API Key.

To request an access token you must send a POST request with an Authorization header using your API Key. If the credentials are valid the response will include an access token and the number of seconds until the token expires.

Example Request

Raw
Curl
Ruby
POST /v1/oauth2/token 
Host: api.tapjoy.com 
Authorization: Basic <API Key> 
Accept: application/json

Successful Response

status 200 
{ 
“access_token”: “token_string”, 
“token_type”: “bearer”, 
“expires_in”: 3600, 
“refresh_token”: null 
} 

Unsuccessful Response

status 401
{ 
“error”: “Unauthorized” 
} 

2. Using the Access Token

Once you have an access_token, requests can be made to the API. The access_token should be sent with every request in the Authorization header with a type of “Bearer”. If the access_token has expired or does not exist the response will have a status of 401 Unauthorized.

Example Request

POST /v4/audiences 
Host: api.tapjoy.com 
Authorization: Bearer <token_string> 
Accept: application/json

Missing/Invalid Token Response

status 401 
{ 
“error”: “Unauthorized” 
}