Skip to main content

Send Side Authentication

Overview

The Send Side API uses OAuth 2.0 via the Bold Penguin authentication service for access control. OAuth 2.0 allows client to server authentication for HTTP services using ephemeral credentials.

Bold Penguin uses authentication tokens for send side service requests. These tokens are obtained using an OAuth 2 client_credentials grant request to the authentication endpoint.

You submit your unique Client ID and Client Secret and receive an access_token that will be used as a bearer token for subsequent requests. Tokens are valid for 12 hours. You can re-use The access_token for authenticating future requests. This token must be present as an authorization header when you send your application form to the Exchange:

Authorization: Bearer <access_token>

Your Account Manager will provide you with a unique Client ID and Client Secret for each Bold Penguin environment.

Example

The following is an example client credentials grant the service would receive.

POST /token HTTP/1.1
Host: authorization-server.com

grant_type=client_credentials
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx