Authentication
The Rokt Reporting API leverages the OAuth 2.0 approach to client integration. See the OAuth 2.0 Credentials Flow for more details. You need to use your Rokt App ID and App Secret to access the Rokt Reporting API.
The steps to generate the App ID and App Secret are explained below. You can generate credentials for the Rokt Event API with these same steps.
You need to use these client app credentials in the REST interactions with the Rokt Reporting API.
Generating App ID and App Secret
Sign in to One Platform at my.rokt.com.
Navigate to Profile Settings under your account icon at the top right.
Scroll down to the Generate Personal API Credentials section.
Enter the name of your app.
Click Generate.
Your credentials for both the Reporting API and Event API will generate right away and will look something like this:
AppId: "40svbin0d194subpohl079rhck" AppSecret: "1dimhvr1v6skae9uhvtgs3chs2astnjf0469df6ul9hurubtoovn"Store the App ID and App Secret in a secure location. You will not have access to the App Secret again after this session.
You can use these credentials right away.
You should keep the credentials confidential in order to protect your account and they should never be emailed. Do not share them outside your organization, even if an inquiry appears to come from Rokt. No one who legitimately represents Rokt will ever ask you for your App Secret.
Authentication
An access token is needed to call any endpoint on the Rokt Event API. Access tokens allow Rokt to identify client apps, the type of data that each client app is accessing, and prevent malicious apps from accessing data that they do not have access to.
Authentication to the API is performed via OAuth 2.0. To run a successful API call, you will need to use an App ID and App Secret to obtain an access token that will need to be used in all API calls. App ID and App Secret can be generated on the Profile Settings page in One Platform as described above.
API requests without authentication or with incorrect authentication will fail. The API will return either a 400 or 403 error code. From the Rokt Reporting API, you can only retrieve data from the accounts that your user credentials have access to.
Getting an access token
Access tokens are generated based on the App ID and App Secret created in the previous step. The access token lasts one hour. During that hour the access token can be used to call all endpoints on the Rokt Reporting API. Before it expires, you need to re-generate the access token based on the client app credentials.
In order to get the access token, an endpoint is exposed in the Rokt Reporting API:
POST https://api.rokt.com/auth/oauth2/token
Request parameters in header
| Key | In | Description | Required? | Example |
|---|---|---|---|---|
| Authorization | header | app_id and app_secret must be passed in the authorization header through Basic HTTP authorization and can be generated under Profile Settings in One Platform; the header content is Basic base64encode(app_id:app_secret) | Yes | Basic base64encocde(12345:abcde) |
| Content-Type | header | Media type of request must always be application/X-www-form-urlencoded | Yes | application/X-www-form-urlencoded |
Request parameters in body
| Key | In | Description | Required? | Example |
|---|---|---|---|---|
| grant_type | body | Must be client_credentials | Yes | client_credentials |
Example successful request
Sample request:
POST https://api.rokt.com/auth/oauth2/token&
Content-Type='application/x-www-form-urlencoded'&
Authorization=Basic xxx
grant_type=authorization_code
Sample response:
{
"access_token": "eyJraWQiOiJNMDJyQmZzT3pNKzRVMjhHRjVuaDdIREphWlIwaytDMlwvNFl5dXYxZ2N0ST0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0MHN2YmluMGQxOTRzdWJwb2hsMDc5cmhjayIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoicmVwb3J0LWFwaVwvcmVhZC1yZXBvcnQtYXBpIiwiYXV0aF90aW1lIjoxNTg1MTEwMDQxLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtd2VzdC0yLmFtYXpvbmF3cy5jb21cL3VzLXdlc3QtMl9kb3dOWnV6VFgiLCJleHAiOjE1ODUxMTM2NDEsImlhdCI6MTU4NTExMDA0MSwidmVyc2lvbiI6MiwianRpIjoiZDFlNjgyMDYtNWVlNy00NThjLTkwODYtZjAwYjhiMjEzYjJhIiwiY2xpZW50X2lkIjoiNDBzdmJpbjBkMTk0c3VicG9obDA3OXJoY2sifQ.NOJIx7qLHFVXqKNZfJKsJlwitOvbHOLdknQ\_D33WjYe8O9ZE08t7LFgs7ANiwBicN5ejmdS7iND0cth5ViUWK5MKZxvLKI6dPG5RljegfpZJtGKqDT\_MFfpayvcOlkkZc5yRw9Bcgz\_fW2ha7q6BGRsUb-e9DZ0Pcb5zL\_HbRLbnvlhYCYi9rPmYOYG6BronvLwB8sg2kVubLQGn\_ASbK\_FW8bKPhqH4BL2\_JunGBzUKJPL9yNvOnFy7VKwlvH1OKUqKlCYbewOtUd1utcMNIb\_AbSGRtzJKslbE5VwQtL5bZ34kOCNH07gSolSGvqqw4dyxU4l0QSVXVmqgVYdKfA",
"expires_in": 3600,
"token_type": "Bearer"
}
Calling an API endpoint
Using the access token from the previous step, you can now call endpoints on the Rokt Reporting API. Note that the token must be sent as a Bearertoken in the Authorization header.
Sample API request:
GET https://api.rokt.com/reporting/performance-reports/partner/1/stats?dateStart=2020-02-05&dateEnd=2020-02-12&
Authorization=Bearer eyJraWQiOiJNMDJyQmZzT3pNKzRVMjhHRjVuaDdIREphWlIwaytDMlwvNFl5dXYxZ2N0ST0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0MHN2YmluMGQxOTRzdWJwb2hsMDc5cmhjayIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoicmVwb3J0LWFwaVwvcmVhZC1yZXBvcnQtYXBpIiwiYXV0aF90aW1lIjoxNTg1MTEwMDQxLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtd2VzdC0yLmFtYXpvbmF3cy5jb21cL3VzLXdlc3QtMl9kb3dOWnV6VFgiLCJleHAiOjE1ODUxMTM2NDEsImlhdCI6MTU4NTExMDA0MSwidmVyc2lvbiI6MiwianRpIjoiZDFlNjgyMDYtNWVlNy00NThjLTkwODYtZjAwYjhiMjEzYjJhIiwiY2xpZW50X2lkIjoiNDBzdmJpbjBkMTk0c3VicG9obDA3OXJoY2sifQ.NOJIx7qLHFVXqKNZfJKsJlwitOvbHOLdknQ\_D33WjYe8O9ZE08t7LFgs7ANiwBicN5ejmdS7iND0cth5ViUWK5MKZxvLKI6dPG5RljegfpZJtGKqDT\_MFfpayvcOlkkZc5yRw9Bcgz\_fW2ha7q6BGRsUb-e9DZ0Pcb5zL\_HbRLbnvlhYCYi9rPmYOYG6BronvLwB8sg2kVubLQGn\_ASbK\_FW8bKPhqH4BL2\_JunGBzUKJPL9yNvOnFy7VKwlvH1OKUqKlCYbewOtUd1utcMNIb\_AbSGRtzJKslbE5VwQtL5bZ34kOCNH07gSolSGvqqw4dyxU4l0QSVXVmqgVYdKfA