Using the Dynamic Content Management API

Dynamic Content uses OAuth2 to authorise access to the Dynamic Content management API. On this page we explain how to obtain an access token from the Amplience authorization service using the client credentials grant type and how to include the token in an API request. The client credentials grant type is intended for use in server-to-server integrations only.

We also detail fair usage and rate limits for the API.

API key and secret

To use the API you will need an API key and secret. These credentials will be provided to you by Amplience at the beginning of your project, or you can request them from Amplience support. Your API key will define the resources to which you have access.

Your API key and secret are used to obtain an access token from the Amplience authorization service. This token must be included in the authorization header of all requests to the Dynamic Content management API and is set to expire after a set time period, generally 300 seconds.

Getting an access token

To get an authorisation token, send a POST request to the Amplience authorisation server at https://auth.amplience.netas follows.




Header Description
Content-Type application/x-www-form-urlencoded


The parameters should be URL encoded and included in the body of the request:


Replace {yourclientid} and {yoursecret} with your client id and secret.

Parameter Description
client_id The client id (API key) provided to you by Amplience
client_secret The client secret provided to you by Amplience
grant_type Set this to client_credentials to specify that the authorisation token should be generated based on the client ID and secret


Status codes
Status code Description
200 OK. Credentials are valid.
400 Bad Request. client id or secret are not valid.
Response body

If the clientID and secret are valid, the response body will be returned as in the example below. Note that the example access_token has been truncated.

  "access_token": "eyJraWQiOiJhbXBsaWVuY2UtdG9rZW4tc2lnbmluZy1rZXkiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJhbXBsaWVuY2UuY29tIiwiZXhwIjoxNTUzODY4NjIyLCJqdGkiOiJMT2pvZ1dtMFM3TkRNT2VsTk96cWVnIiwiaWF0IjoxNTUzODY3MzYyLCJzd…",
  "session_expires_in": 0,
  "expires_in": 300

You will need to save the access token and include it in requests to the API. If the token has expired, request another token from the authorisation service. The Dynamic Content management SDK contains code to help you manage the access token.

Including the token in an API request

To make a request to the Dynamic Content management API, for example to list all the hubs you have access to you would send a request such as:


In the request header you must set the Authorization format to "Bearer" and include the access token:

Authorization : Bearer {access_token}

Replace {access_token} with the access token returned by the authorization service.

If the access token is valid, then the request is processed and the response is returned.

Fair usage

The Dynamic Content Management API is intended for backend applications such as webhook integrations and should not be used in production web applications.

Rate limits

Amplience reserves the right to impose rate limits on requests to the Dynamic Content Management API. We will only do this to help guarantee service availability to all our customers.

Publish content requests

There is a rate limit of 100 requests per minute for all requests to publish content.