To ensure that all client and end-user data is kept private and secure, all API interactions require authentication of the client or application.
Any API request is validated with a unique set of credentials relevant to the application that handles the communication. Currently, Amazon Ad Server (AAS) supports a single, simple authentication method based on a manual pre-generated API username and password.
The API credentials are assigned to a specific API user, maintain a defined set of permissions, and uphold a defined request quota. For more information, see Quotas and Limitations on API Requests.
Important
Important: You cannot exceed 10 simultaneous, active, API sessions with the same user credentials.
The current authentication flow is as follows:
-
Client is generated with a specific API username, password, and API key.
-
Application that starts engaging the API uses the username, password, and API key to generate a AAS session token.
-
For the sandbox environment, the login URL is the following:
https://adapi.uat.sizmek.com/sas/login/login
-
For the production environment, the login URL is:
https://adapi.sizmek.com/sas/login/login/
-
-
Authenticate with API assigned user and password, and API key. Then, call a specific API method:
var settings = { "url": "https://adapi.uat.sizmek.com/sas/login/login", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "api-key": "api key token", "": "" }, "data": "{username:\"Username\", password: \"Password\"}", }; $.ajax(settings).done(function(response) { console.log(response); });
-
Implement the method adding the generated session token/sessionId and the API key in the "Authorization" header:
function call_method_x(sessionId) { $.ajax({ url: "https://adapi.sizmek.com/sas/ads", type: "GET", contentType: 'application/json', data: 'from=0&max=25', headers: { 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': sessionId 'api-key': key, }, success: function (data) { console.dir(data.result); } }); }
It is important to remember that the API credentials and generated token grant access to make requests and get access to the application data. Consider these values as sensitive as passwords; do not expose or share these values with non-trusted parties.
Comments