As soon as you have received your Authentication Credentials (client_id and client_secret) from your Smaato Account Manager, you’ll need to follow these steps to get started:

1. Connect to our Authorization Endpoint with your Client ID

Make a GET Request to:

 

https://api.smaato.com/v1/auth/authorize/?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}
client_id - substitute this for your application’s Client ID.

redirect_uri - (Optional) the location to redirect the request to. If missing, Smaato will use the default Redirect URI that was provided by you to generate credentials.

You’ll receive a response from us, which should look somewhat like the following:

https://yoururl.org/some/redirect/uri?code={authorization_code}

Extract the authorization_code that is provided in the Redirect URI. You’ll need this for the next step.

2. Retrieve the Access Token 

Make a POST Request to: 

https://api.smaato.com/v1/auth/token/?grant_type=authorization_code

The following the are data that you need to provide to the POST request: 

client_id - substitute this for your application’s client ID.

client_secret - (this is the other credential provided by your account manager)

code - this is the authorization code from step 1.

Example Access Token Request:

POST https://api.smaato.com/v1/auth/token/?grant_type=authorization_code HTTP/1.1
Content-Type: application/x-www-form-urlencoded
 
Content:
client_id={client_id}&client_secret={client_secret}&code={authorization_code}

In response to the POST request, you will receive a JSON object that will have the {access_token}. You may now access our API using this {access_token}.

Please note:

The access_token expires every 24 hours and the authorization_code expires after single use, so you’ll have to repeat steps 1 and 2 every time your token has expired.

The access_token needs to be provided as an Authorization header to all HTTP requests to all Smaato API endpoints that need authorization. An example header is:

Authorization: Bearer {access_token}