PRODUCT
Follow

Overview

To ensure that all client and end-user data is kept private and secure, all API interactions require authentication of the client or application.

Any API request is validated with a unique set of credentials relevant to the application that handles the communication. Currently, Sizmek supports a single, simple authentication method based on a manual pre-generated API username and password.

The API credentials are assigned to a specific API user, maintain a defined set of permissions, and uphold a defined request quota. For more information, see Quotas and Limitations on API Requests.

Important

Important: You cannot exceed 10 simultaneous, active, API sessions with the same user credentials.

Authentication Flow

The current authentication flow follows these steps:

  1. Client is generated with a specific API username and password.

  2. Application that starts engaging the API uses the username and password to generate a Sizmek session token.

    • For the sandbox environment, the login URL is the following:

      https://adapi.uat.sizmek.com/sas/login/login
    • For the production environment, the login URL is one of the following:

      • https://api.sizmek.com/rest/login/login/
        
      • https://adapi.sizmek.com/sas/login/login/
        

Note

Note: Check with your client services manager regarding the correct URL to use.

Response:

Note

Note: An API key is required for this API login URL, https://adapi.sizmek.com/sas/login/login/ .

  1. Once a session token is generated, each API request includes the token and API key in the request headers in the Authorization field.

  2. When accessing the Sizmek REST API, the application uses the token and API key to authenticate each request.

  3. Once the token expires, the requests receive the relevant error message.

JavaScript Flow Examples

Example A

If you are using https://api.sizmek.com/rest/login/login/, the flow is as follows:

  1. Authenticate with API assigned user and password, than call a specific API method:

    $.ajax({
        url: "https://api.sizmek.com/rest/login/login",
        type: "POST",
        contentType: 'application/json',
        headers: 'Access-Control-Allow-Origin: *',
        data: '{username:"user", password: "password"}',
        success: function(data) {
            var sessionId = data.result.sessionId;
            call_method_x(sessionId);
        }
    
    });
    
  2. Implement the method adding the generated token in the "Authorization" header:

    function call_method_x(sessionId) {
        $.ajax({
            url: "https://api.sizmek.com/rest/ads",
            type: "GET",
            contentType: 'application/json',
            data: 'from=0&max=25',
            headers: {
                'Access-Control-Allow-Origin': '*',
                'Content-Type': 'application/x-www-form-urlencoded',
                'Authorization': sessionId
            },
            success: function (data) {
                console.dir(data.result);
            }
        });
    }

Example B

If you are using https://adapi.sizmek.com/sas/login/login/, the flow is as follows:

  1. Authenticate with API assigned user and password, and API key. Then, call a specific API method:

    $.ajax({
        url: "https://adapi.sizmek.com/sas/login/login",
        type: "POST",
        contentType: 'application/json',
        headers:{
            'Access-Control-Allow-Origin: *',
             data: '{username:"user", password: "password"}',
            'api-key': key,
      },
    
        success: function(data) {
            var sessionId = data.result.sessionId;
            call_method_x(sessionId);
        }
    
    });
  2. Implement the method adding the generated token and the API key in the "Authorization" header:

    function call_method_x(sessionId) {
        $.ajax({
            url: "https://adapi.sizmek.com/sas/ads",
            type: "GET",
            contentType: 'application/json',
            data: 'from=0&max=25',
            headers: {
                'Access-Control-Allow-Origin': '*',
                'Content-Type': 'application/x-www-form-urlencoded',
                'Authorization': sessionId
                'api-key': key,
     }, 
     
     success: function (data) {
     console.dir(data.result);
     }
     });
    }

Credentials and Tokens

It is important to remember that the API credentials and generated token grant access to make requests and get access to the application data. Consider these values as sensitive as passwords; do not expose or share these values with untrusted parties.

HTTPS Protocol

Authentication and all other requests are only secure if SSL is used. Therefore, all requests must use the HTTPS protocol.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk