Developers
OAuth 2.0

Authorization

OAuth 2.0

Getting access_token

To get an access_token you have to send a POST request with your data to the authorization server.

You can get client_id and client_secret parameters at your personal page.

The request to get a token (HTTP):
https://auth2.cityads.com/oauth/access_token
{
    "client_id": "client_id_string",
    "client_secret": "client_secret_string",
    "grant_type": "client_credentials"
}
                    
The request to get a token (cURL):
curl -L -X POST \
    -H "Content-Type:application/json" \
    -d \
'{
    "client_id": "client_id_string",
    "client_secret": "client_secret_string",
    "grant_type": "client_credentials"
}' \
'https://auth2.cityads.com/oauth/access_token'
                    
Input data:
Name:
client_id User identifire. Available at your personal page.
client_secret User secret key. Available at your personal page.
grant_type Token request mode – "client_credentials".
Server response:

The server will respond with a JSON of the following structure

{
    "access_token": "mmMy2dZEeoMm13Fr7X6uc8TaP5262Qjin717P67Z",
    "token_type": "Bearer",
    "expires_in": 3600
}
                    
Response parameters:
Name:
access_token The token for API requests.
token_type Token type – "Bearer".
expires_in Expiration time of the granted token in seconds.
Using access_token

You have to add the value of access_token you received to all types of requests of the new publisher API as a GET parameter.

For example:

GET https://cityads.com/api/rest/webmaster/v2/lostOrders?offers=4325,663&page=1&perpage=10
&access_token=Cr9G7dVD0FZMGaqrR9EPXXSl1J6A27AnJrNnl6Qi
                    

In case of user password changing all granted tokens will become invalid.