Old Authorization

Aprimo Authorization - Retrieving an Access Token Directly from Marketing Operations

While Aprimo Authorization continues to function, if possible you should use OAuth 2.0 flows.

 

Step 1: Register the Client Application

Complete these steps in Marketing Operations.

  1. Point to System Administration, and click System Tools.
  2. In System Tools, point to Integration and click Registrations.
  3. Click New.
  4. Complete the fields, setting the OAuth Flow Type to < None >.
    Note: The Client Secret field operates like a password. However, there is no way to retrieve it from the system, so remember it, or store it safely.
  5. Click Save.

Step 2: Get the Authorization Code

Complete these steps in your web browser.

  1. Navigate to this URL: https://[CustomerURL]/api/oauth/authorize?client_id=[ClientId]&redirect_uri=https%3A%2F%2Fwww.microsoft.com (replace CustomerURL, ClientId and the redirect_uri value with the appropriate values for your site; the redirect_uri must be URL-encoded because it is a query string parameter).
  2. Log in to the site.
    When your credentials are validated, you are redirected to a URL that is a concatenation of the redirect URI you specified and the authorization code.
    Example: https://www.microsoft.com/?AuthorizationCode=DI3V7NK44I

Note: The authorization code is only valid for five minutes.

Step 3: Create a Base-64 Encoded Authorization Code

Complete this task in your web browser.

  • Go to https://www.base64encode.org/ and create a base64 encoded string of [ClientId]:[Secret].
    Note: The colon between [ClientId] and [Secret] is required.

Step 4: Get Authorization and Refresh Tokens

Complete these steps in Postman.

  1. Select POST.
  2. Enter this URL: https://[CustomerURL]/api/oauth/create-token.
  3. Click the Headers tab.
  4. Type these Key-Value pairs:
    • client-id : [ClientId]
    • authorization-code : [authorization code you obtained in Step 2: Get the Authorization Code]
    • content-type : application/Json
    • Authorization : Basic [Base64 encoded string you obtained in Step 3: Create a Base-64 Encoded Authorization Code]
  5. Click Send.
    An access token and refresh token are returned.

Note: By default, the access token lasts 10 minutes before needing a refresh. You can use the refresh token to generate new access tokens for 7 days. If you receive a 401 Unauthorized response from the API with a null response body, your access token has expired.

Step 5: Refresh an Access Token (Optional)

Access tokens are only valid for 10 minutes by default. Once a token expires, API calls return 401 Unauthorized responses. The advantage of using this method is that it hides authentication information from the header. Complete these steps in Postman.

  1. Select POST.
  2. Enter this URL: https://[CustomerURL]/api/token.
  3. Click the Headers tab.
  4. Type these Key-Value pairs:
    • client-id : [ClientId]
    • content-type : application/Json
  5. Click the Body tab.
  6. Click raw.
  7. Type:
     {
       "refreshToken":"[refresh token returned in Step 4: Get Authorization and Refresh Tokens]"
     }
  8. Click Send.
    This returns a new access token that is good for 10 minutes.

Aprimo Authorization - Retrieving an Access Token for Services and Daemons

While Aprimo Authorization continues to function, if possible you should use OAuth 2.0 flows.

 

Step 1: Register the Client Application

Complete these steps in Marketing Operations.

  1. Point to System Administration, and click System Tools.
  2. In System Tools, point to Integration and click Registrations.
  3. Click New.
  4. Complete the fields, setting the OAuth Flow Type to < None >.
    Note: The Client Secret field operates like a password. However, there is no way to retrieve it from the system, so remember it, or store it safely.
  5. Click Save.

Step 2: Generate a Native Token

Complete these steps in Marketing Operations.

  1. Log in as the user for whom you will create the token.
  2. On the toolbar, click the User button, and click User Token.
  3. Click Generate.

Step 3: Create a Base-64 Encoded Authorization Code

Complete this task in your web browser.

  • Go to https://www.base64encode.org/ and create a base64 encoded string of [UserName]:[UserToken].
    Note: The colon between [UserName] and [UserToken] is required.

Step 4: Get the Access Token and Refresh Token

Complete these steps in Postman.

  1. Enter this URL: https://[CustomerURL]/api/oauth/create-native-token.
  2. Click the Headers tab.
  3. Type these Key-Value pairs:
    • client-id : [ClientId]
    • content-type : application/Json
    • Authorization : Basic [Base64 encoded string you obtained in Step 3: Create a Base-64 Encoded Authorization Code]
  4. Click Send.
    An access token and refresh token are returned.

Note: By default, the access token lasts 10 minutes before needing a refresh. You can use the refresh token to generate new access tokens for 7 days.

Step 5: Refresh an Access Token

Note: This step is optional. The process can be handled programmatically from within the service. The advantage of using this method is that it hides authentication information from the header.

Complete these steps in Postman.

  1. Select POST.
  2. Enter this URL: https://[CustomerURL]/api/token.
  3. Click the Headers tab.
  4. Type these Key-Value pairs:
    • client-id : [ClientId]
    • content-type : application/Json
  5. Click the Body tab.
  6. Click raw.
  7. Type:
     {
       "refreshToken":"[refresh token returned in Step 4: Get the Access Token and Refresh Token]"
     }
  8. Click Send.
    This returns a new access token that is good for 10 minutes.
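
The calls from both procedures above (create-token for the browser flow, create-native-token for services and daemons, and the shared refresh call) built as Python requests, with the Step 3 value computed locally so the client secret or user token is never pasted into a third-party website. This is an added example, not Aprimo code: the function names are made up here, and POST for create-native-token is an assumption because the page does not name the method for that call.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request


def authorize_url(base_url, client_id, redirect_uri):
    """Step 2 URL; urlencode() percent-encodes the redirect_uri value."""
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri})
    return f"{base_url.rstrip('/')}/api/oauth/authorize?{query}"


def authorization_code(landing_url):
    """Extract the code from the URL the browser is redirected to."""
    codes = parse_qs(urlsplit(landing_url).query).get("AuthorizationCode", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one AuthorizationCode parameter")
    return codes[0]


def basic_credentials(name, secret):
    """Step 3, computed locally: base64 of 'name:secret'."""
    if ":" in name:
        raise ValueError("a colon in the first part would shift the separator")
    return base64.b64encode(f"{name}:{secret}".encode()).decode("ascii")


def build_post(base_url, path, client_id, headers=None, body=None):
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-https URL")
    merged = {"client-id": client_id, "content-type": "application/json", **(headers or {})}
    data = None if body is None else json.dumps(body).encode()
    return Request(base_url.rstrip("/") + path, data=data, headers=merged, method="POST")


def create_token(base_url, client_id, client_secret, code):
    return build_post(base_url, "/api/oauth/create-token", client_id, {
        "authorization-code": code,
        "Authorization": "Basic " + basic_credentials(client_id, client_secret)})


def create_native_token(base_url, client_id, user_name, user_token):
    # Assumption: POST, by analogy with create-token (not stated on the page).
    return build_post(base_url, "/api/oauth/create-native-token", client_id, {
        "Authorization": "Basic " + basic_credentials(user_name, user_token)})


def refresh(base_url, client_id, refresh_token):
    return build_post(base_url, "/api/token", client_id, body={"refreshToken": refresh_token})
```

Each function returns a `urllib.request.Request`; pass it to `urllib.request.urlopen` to send it.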

Aprimo Authorization - Revoking Tokens

You can revoke all refresh tokens for a user at DELETE api/oauth/revoke/{userID}. This immediately expires all refresh tokens associated with the {userID}. This route returns an error if the API user does not have permission to access the route:

  • the API user must match the {userID} specified; OR
  • the API user must be a Security Administrator or System Administrator (to revoke the refresh tokens of a different user)
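
How a service might act on the lifetimes and the revocation behaviour described on this page, deciding between using the access token, refreshing it, or obtaining a new token pair. This is an added example, not Aprimo code: the class and method names and the 30-second skew margin are assumptions, and a "null" body is treated as either an empty body or the literal `null`.

```python
from dataclasses import dataclass

ACCESS_TTL = 10 * 60             # seconds, default access-token lifetime
REFRESH_TTL = 7 * 24 * 60 * 60   # seconds, refresh-token window


@dataclass
class TokenClock:
    """Issue times in Unix seconds; skew is an assumed safety margin."""
    refresh_issued_at: float
    access_issued_at: float
    skew: float = 30.0
    revoked: bool = False

    def next_action(self, now: float) -> str:
        if self.revoked or now >= self.refresh_issued_at + REFRESH_TTL - self.skew:
            return "reauthorize"   # obtain a new token pair from the start
        if now >= self.access_issued_at + ACCESS_TTL - self.skew:
            return "refresh"       # POST /api/token with the refresh token
        return "use"

    def on_api_response(self, status: int, body: bytes, now: float) -> str:
        """A 401 with a null body means the access token has expired."""
        if status != 401:
            return "ok"
        if body.strip() not in (b"", b"null"):
            return "inspect"       # a 401 with content is not plain expiry
        self.access_issued_at = now - ACCESS_TTL
        return self.next_action(now)

    def on_refresh_result(self, succeeded: bool, now: float) -> str:
        """Record a refresh attempt; failure covers a revoked refresh token."""
        if succeeded:
            self.access_issued_at = now
        else:
            self.revoked = True
        return self.next_action(now)
```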