Authentications

Client Authentication Version 1

As soon as you have received your Authentication Credentials (client_id and client_secret) from your Smaato Account Manager, you’ll need to follow these steps to get started:

Connect to our Authorization Endpoint with your Client ID

Make a GET Request to:

https://api.smaato.com/v1/auth/authorize/?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}

client_id – substitute this for your application’s Client ID.

redirect_uri – (Optional) the location to redirect the request to. If missing, Smaato will use the default Redirect URI that was provided by you to generate credentials.

You’ll receive a response from us, which should look somewhat like the following:

https://yoururl.org/some/redirect/uri?code={authorization_code}

Extract the authorization_code that is provided in the Redirect URI. You’ll need this for the next step.

Retrieve the Access Token

Make a POST Request to API Authorization Token.

https://api.smaato.com/v1/auth/token/?grant_type=authorization_code

The following the are data that you need to provide to the POST request:

client_id – substitute this for your application’s client ID.

client_secret – (this is the other credential provided by your account manager)

code – this is the authorization code from step 1.

Example Access Token Request:

POST https://api.smaato.com/v1/auth/token/?grant_type=authorization_code HTTP/1.1
Content-Type: application/x-www-form-urlencoded Content: client_id={client_id}&client_secret={client_secret}&code={authorization_code}

In response to the POST request, you will receive a JSON object that will have the {access_token}. You may now access our API using this {access_token}.

The access_token expires every 24 hours and the authorization_code expires after a single use, so you’ll have to repeat steps 1 and 2 every time your token has expired.

The access_token needs to be provided as an authorization header to all HTTP requests to all Smaato API endpoints that need authorization. An example header is:

Authorization: Bearer {access_token}

Client Authentication Version 2

As soon as you have retrieved your Authentication Credentials (client_id and client_secret) from your SPX Account (under OAuth API Credentials), you’ll need to retrieve an access token to get started:

To do so, make a POST Request to API Authorization Token.

https://auth.smaato.com/v2/auth/token/

The following the are data that you need to provide to the POST request:

client_id – substitute this for your application’s client ID.

client_secret – (this is the other credential provided by your account manager)

grant_type = client_credentials

Example Access Token Request:

POST https://auth.smaato.com/v2/auth/token/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded Content: client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials

In response to the POST request, you will receive a JSON object that will have the {access_token}. You may now access our API using this {access_token}.

The access_token expires every 10 hours, so you’ll have to repeat this step frequently.

The access_token needs to be provided as an authorization header to all HTTP requests to all Smaato API endpoints that need authorization. An example header is:

Authorization: Bearer {access_token}

Modified: October 1, 2019 at 2:50 pm