Authorization
Introduction
The Aprimo Distributed Marketing REST API uses OAuth 2.0 style authorization. In order to make API calls, you must:
- Register an integration client.
- Use the generated client ID to retrieve an access token.
- Pass the access token in an Authorization header when making API calls.
Registering an integration client
To register an integration client, log into your Aprimo DM account, If logging in as a brand or intermediary, you must log in as the official account or as someone with channel administrator rights. If logging in as a partner, you must log in as the partner official account.
Once you’ve logged in, navigate to the integrations area.
Once there, on the right hand side, select ‘General’ for type of integration, and give a meaningful name to your integration. You’ll see your integration appear on the left hand side.
Click on the name of your integration on the left hand side to see the Client ID you will need to get an access token.
Today, only the resource owner password style OAuth flow is supported, so Client Secret is not used.
Retrieving an access token
Resource | OAuth 2.0 Resource Owner Password Flow |
Method | POST |
Resource URL | Production: https://auth.aprimodm.com/api/v1.0/token |
Request Headers | None |
Request Body Sample
UserName=myUserName&Password=myPassword&grant_type=password&client_id=1BGEBC9E-A76D-4B85-936F-CFDBE412E8A5
Response Body Sample
{
"access_token":"BGOtjJJYRfzzVwtywyWUKO61y7MGlwUmZjinUujYIUPlomDFkpqsvKRenTrkOho0ZV61RjP-dKk2pMFjV_iJbhp5QDerwIC5lYFUZbx0qpFR9FVyJv7pzOksW2h9zOEkJnMfonkKDrpAcws8oM6WyZz7HjCntDTl1Y_MdtV4xoWTdnLlEPg2O9_QwxQT2GZ6Kj_sGX6hmBySVEVUnXWwOKqny1oCjP_t_5FSToZvNkE",
"token_type":"bearer",
"expires_in":3599
}
Using the access token
Access token are valid for 1 hour, at which point you will need to call the get token endpoint again to get a new one.
All endpoints aside from the Get Access Token endpoint require the access token to be passed in.
Access tokens must be passed in via an Authorization HTTP Header, like:
Authorization: Bearer access_token
Where “Authorization” is the header name, and “Bearer access_token” is the value. Bearer is constant, but access_token should be replaced with your access token, such as:
Authorization: Bearer BGOtjJJYRfzzVwtywyWUKO61y7MGlwUmZjinUujYIUPlomDFkpqsvKRenTrkOho0ZV61RjP-dKk2pMFjV_iJbhp5QDerwIC5lYFUZbx0qpFR9FVyJv7pzOksW2h9zOEkJnMfonkKDrpAcws8oM6WyZz7HjCntDTl1Y_MdtV4xoWTdnLlEPg2O9_QwxQT2GZ6Kj_sGX6hmBySVEVUnXWwOKqny1oCjP_t_5FSToZvNkE