Using the Dynamic Content Management API
Dynamic Content uses OAuth2 to authorise access to the Dynamic Content management API. On this page we explain how to obtain an access token from the Amplience authorization service using the client credentials grant type and how to include the token in an API request. The client credentials grant type is intended for use in server-to-server integrations only.
We also detail fair usage and rate limits for the API.
On this page
To use the API you will need an API key and secret. These credentials will be provided to you by Amplience at the beginning of your project, or you can request them from Amplience support. Your API key will define the resources to which you have access.
Your API key and secret are used to obtain an access token from the Amplience authorization service. This token must be included in the authorization header of all requests to the Dynamic Content management API and is set to expire after a set time period, generally 300 seconds.
Getting an access token
To get an authorisation token, send a POST request to the Amplience authorisation server at https://auth.amplience.netas follows.
Request
POST https://auth.amplience.net/oauth/token
Headers
| Header | Description |
|---|---|
| Content-Type | application/x-www-form-urlencoded |
Parameters
The parameters should be URL encoded and included in the body of the request:
client_id={yourclientid}&client_secret={yoursecret}&grant_type=client_credentials
Replace {yourclientid} and {yoursecret} with your client id and secret.
| Parameter | Description |
|---|---|
| client_id | The client id (API key) provided to you by Amplience |
| client_secret | The client secret provided to you by Amplience |
| grant_type | Set this to client_credentials to specify that the authorisation token should be generated based on the client ID and secret |
Response
Status codes
| Status code | Description |
|---|---|
| 200 | OK. Credentials are valid. |
| 400 | Bad Request. client id or secret are not valid. |
Response body
If the clientID and secret are valid, the response body will be returned as in the example below. Note that the example access_token has been truncated.
{
"access_token": "eyJraWQiOiJhbXBsaWVuY2UtdG9rZW4tc2lnbmluZy1rZXkiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJhbXBsaWVuY2UuY29tIiwiZXhwIjoxNTUzODY4NjIyLCJqdGkiOiJMT2pvZ1dtMFM3TkRNT2VsTk96cWVnIiwiaWF0IjoxNTUzODY3MzYyLCJzd…",
"session_expires_in": 0,
"expires_in": 300
}
You will need to save the access token and include it in requests to the API. If the token has expired, request another token from the authorisation service. The Dynamic Content management SDK contains code to help you manage the access token.
Including the token in an API request
To make a request to the Dynamic Content management API, for example to list all the hubs you have access to you would send a request such as:
GET https://api.amplience.net/v2/content/hubs
In the request header you must set the Authorization format to "Bearer" and include the access token:
Authorization : Bearer {access_token}
Replace {access_token} with the access token returned by the authorization service.
If the access token is valid, then the request is processed and the response is returned.
Fair usage
The Dynamic Content Management API is intended for backend applications such as webhook integrations and should not be used in production web applications.
Rate limits
Amplience reserves the right to impose rate limits on requests to the Dynamic Content Management API. We will only do this to help guarantee service availability to all our customers.
Publish content requests
There is a rate limit of 100 requests per minute for all requests to publish content.