Authentification oAuth 2.0

Authentication to our APIs is based on the oAuth 2.0 protocol. Each call to our APIs has to contain an access_token that the client application will have requested beforehand from the Digitaleo authorization server: schéma oauth

Retrieving the application ids

To retrieve a client_id and a client_secret, you must declare an application in the Digitaleo platform.

For this,

  1. Connect to
  2. Click on the Parameters menu
  3. Go to the API tab

Retrieve an authentication token

The client must perform a POST request with the following parameters:

  • grant_type: The value must be "client_credentials" for this type of authorization
  • client_id: The id of the application (client)
  • client_secret: The secret key of the application (client)

Note: The client_id and client_secret will be sent to you.

The URL for retrieving a token is as follows

Example of an HTTP request

POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded


Example of a request with Curl

-d 'client_id=51612c780b4dbaea8f81995beccbcfec08969d0e'
-d 'client_secret=p280edbd76d510c41990cbe5e6108c7e'
-d 'grant_type=client_credentials'


If successful, the authorization server will return a code 200 HTTP response of which the body will contain the following JSON flow


Description of the various fields:





The token issued by the authorization server.

Note: The size of the token can range up to 50,000 characters


The lifespan in seconds of the token issued


The type of token. The Digitaleo server only supports the "bearer" type


The scope of the token

If one of the parameters is not correct, the authorization server will return a code 400 http response (HTTP/1.1 400 Bad Request) of which the body will contain the following json flow:

  "error_description":"The client credentials are invalid",

Using the authorization token (access_token)

The authorization token is sent to the API in the header of the HTTP request and more particularly in the header “Authorization: Bearer”. Note that the “Authorization: Bearer” is case-sensitive.

Example of an HTTP request

GET /rest/campaigns HTTP/1.1

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpZCI6ImYyMzE2…


Example of a request with Curl

curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpZCI6ImYyMzE2..."