Skip to main content


API Endpoint
Link copied!

There is a single endpoint for all requests to the GraphQL Asset Management API:

Link copied!

Link copied!

Amplience uses OAuth2 to authorize access to the GraphQL Asset Management API.

To use the API you will need an API key and secret. These credentials will be provided to you by Amplience at the beginning of your project, or you can request them from Amplience support. Your API key will define the resources to which you have access.

Your API key and secret are used to obtain an access token from the Amplience authorization service. This token must be included in the authorization header of all requests to the Asset Management API and is set to expire after a set time period, generally 300 seconds.

You can also use a personal access token instead of a token generated from an API key and secret to use the account management features of the API.

Note that for experimentation purposes, you can log in to the API Playground which will provide an authenticated call to the API

Getting an access token
Link copied!

​ To get an authorization token, send a POST request to the Amplience authorization server at as follows. ​

Link copied!

Auth Headers
Link copied!
Auth Parameters
Link copied!

The parameters should be URL encoded and included in the body of the request:


Replace {yourclientid} and {yoursecret} with your client id and secret. ​

client_idThe client id (API key) provided to you by Amplience
client_secretThe client secret provided to you by Amplience
grant_typeSet this to client_credentials to specify that the authorization token should be generated based on the client ID and secret

Link copied!

Auth Status codes
Link copied!
Status codeDescription
200OK. Credentials are valid.
400Bad Request. client id or secret are not valid.
Auth Response body
Link copied!

If the client_id and client_secret are valid, the response body will be returned as in the example below. Note that the example access_token has been truncated.

"access_token": "eyJraWQiOiJhbXBsaWVuY2UtdG9rZW4tc2lnbmluZy1rZXkiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJhbXBsaWVuY2iwiZXhwIjoxNTU…",
"session_expires_in": 0,
"expires_in": 300

​ You will need to save the access token and include it in requests to the API. If the token has expired, request another token from the authorization service.

Including the token in an API request
Link copied!

​ To make a request to the GraphQL Asset Management API, you would send a request to API endpoint: ​


​ In the request header you must set the Authorization format to Bearer and include the access_token: ​

Authorization : Bearer {access_token}

​ Replace access_token with the access token returned by the authorization service. ​ ​ If the access token is valid, then the request is processed and the response is returned. ​

Link copied!

Both POST and GET methods are supported.

The HTTPS POST method is recommended. The query should be sent in the body of a POST request.

The HTTPS GET method requires that the query is included in the URL string using the ?query= parameter.

Status codes
Link copied!

Status codePhraseDescription
200OKSuccessful request
400Bad RequestNon specific error with request. Usually due to an invalid query or mutation argument
429Too many requestsA rate limit has been exceeded
500Internal server errorNon specific error occurred on the server

Error response format
Link copied!

If 400 (Bad request) error occurs, the response body contains a JSON object containing an errors array. This will contain the error type, a message field describing the error and a locations array stating where in the request body the error was found. Here is an example of an error due to a mistyped query:

"errors": [
"message": "Cannot query field \"mimetype\" on type \"Asset\". Did you mean \"mimeType\"?",
"locations": [
"line": 5,
"column": 7
"extensions": {

Asset ingestion
Link copied!

Assets can be ingested using the createAsset mutation by specifying a URL path to the source asset. The source asset must be available via a publicly accessible URL.

Identifying ingestion requests
Link copied!

Ingestion requests from the Asset Management API can be identified by the user agent, which is sent in an HTTP request header:

Request header nameRequest header value

Note: The number suffixed to the header value is the current version number of the API, and this number is subject to change.