Link Search Menu Expand Document

PDF

Programmatic Authentication

Platform API

Last updated on August 8, 2017


Use programmatic authentication if you are accessing OpenX protected resources with your own credentials only and don’t plan on providing a web-based login form for other Users.

To run automated processes, include a valid username and password in your code or make them available to the code. If successful, programmatic logins return oauth_token and oauth_verifier in the body of the response.

NOTE

Your client application must be able to persist cookies across an HTTP 302 redirect in a cookie named openx3_access_token, which must be present in all API requests.

Authenticating a User using OAuth involves the following steps:

NOTE

These steps are the same as Browser-Based Authentication except for a few details, only the differences are explained.


1. Requesting an Unauthorized Request Token

Difference between programmatic and browser-based authentication:

Because this is programmatic authentication instead of browser-based, you must set the callbackUrl to oob (out-of-band), which tells the OAuth server that you are not redirecting a User to a URL. The OAuth Server returns the request token.


2. Authorizing the User

Difference between programmatic and browser-based authentication:

Authorize the request token by sending an HTTP POST request to https://sso.openx.com/login/process with the following parameters:

ParameterDescription
emailThe User’s email address.
passwordThe User’s password.
oauth_tokenThe OAuth request token.

For programmatic authentication, the client application must pass in the request token oauth_token and the User’s email and password to https://sso.openx.com/login/process (not https://sso.openx.com/login/login).


3. Requesting an Access Token

Difference between programmatic and browser-based authentication:

This process is the same as browser-based authentication with the addition the following step:

The Consumer (your application) should now persist the access token in a cookie so that it can be used to access the protected resources. The cookie should be named openx3_access_token, which must be present in all API requests.


4. Accessing Protected Resources with the Access Token

Difference between programmatic and browser-based authentication:

The client application uses the access token to perform OpenX API operations. Consider the following:

  • You must refresh the OpenX session at least once every two hours or your session expires.
  • Passwords expire after six months. Ten days before your password expires, OpenX sends you an email reminder to change your password.

Logging Out

When finished with your API session, terminate it by sending DELETE /session to log out.