Authorization

To send a request to the Content Management API and GraphQL Asset Management API, you must include an authorization token in each request.

We provide a choice of two types of tokens:

• A token generated from a API key and secret using our authorization service. These tokens are set to expire after a set time period.
• A longer lasting personal access token (PAT) generated using the GraphQL Asset Management API. These tokens do not expire but can be deleted and are created per user per organization. Note that PATs can only be used for the Content Management API and account management features of the GraphQL Asset Management API.

On this page we'll explain how to authorize access to the APIs using a token generated from an API key and secret. For details of creating and managing PATs, visit the personal access tokens page.

API key and secret

Amplience uses OAuth2 to authorize access to the Content Management API and GraphQL Asset Management API using an API key and secret.

An API key and secret will be provided to you by Amplience at the beginning of your project, or you can request them from Amplience support. Your API key will define the resources to which you have access.

Your API key and secret are used to obtain an access token from the Amplience authorization service. This token must be included in the authorization header of all requests to the Content Management API and Asset Management API and is set to expire after a set time period, generally 300 seconds.

Getting an access token

​ To get an authorization token, send a POST request to the Amplience authorization server at https://auth.amplience.net as follows. ​

Request

POST  https://auth.amplience.net/oauth/token

Auth Headers

Header	Description
Content-Type	application/x-www-form-urlencoded

Auth Parameters

The parameters should be URL encoded and included in the body of the request:

client_id={yourclientid}&client_secret={yoursecret}&grant_type=client_credentials

Replace {yourclientid} and {yoursecret} with your client id and secret. ​

Parameter	Description
client_id	The client id (API key) provided to you by Amplience
client_secret	The client secret provided to you by Amplience
grant_type	Set this to client_credentials to specify that the authorization token should be generated based on the client ID and secret

Response

Auth Status codes

Status code	Description
200	OK. Credentials are valid.
400	Bad Request. client id or secret are not valid.

Auth Response body

If the client_id and client_secret are valid, the response body will be returned as in the example below. Note that the example access_token has been truncated.

{
  "access_token": "eyJraWQiOiJhbXBsaWVuY2UtdG9rZW4tc2lnbmluZy1rZXkiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJhbXBsaWVuY2iwiZXhwIjoxNTU…",
  "session_expires_in": 0,
  "expires_in": 300
}

You will need to save the access token and include it in requests to the API. If the token has expired, request another token from the authorization service.

Including the token in an API request

Once the token is generated, it can then be used in requests made to the Content Management API and GraphQL Asset Management API. The token is sent in the Authorization header of the request and with the authorization format set to bearer.

For example, to make a request to the Content Management API, you would send a request to API endpoint such as: ​

GET https://api.amplience.net/v2/content/hubs

In the request header you must set the Authorization format to Bearer and include the access_token: ​

Authorization : Bearer {access_token}

Related pages

GraphQL Asset Management API

Content Management API