Authorization and Headers

This article describes the authentication and authorization configurations required to access and use the DSP Traffic API.

Overview

The Oath Ad Platforms DSP API uses the OAuth 2.0 protocol as a simple and secure method for handling authentication and controlling access.

Oath Ad Platforms DSP supports the server-side application profile only. Your YDN app is a web-based application that provides user access via an HTML-based user agent. Client credentials and tokens are issued and stored on the web server and are inaccessible to the user.

Access to Oath Ad Platforms DSP seat data is granted explicitly via a bearer token. The BrightRoll API is accessible via an access token that is issued to the YDN app.

Authorization

The Oath Ad Platforms DSP API one-time setup specifies the steps that every YDN app must follow to enable OAuth support, obtain API access to the platform, and make requests using the APIs. To learn more, see Obtain OAuth Credentials.

Once you have the OAuth authentication credentials for your YDN app, your client application can request access tokens from the YDN authorization server. These OAuth tokens enable your application to access the Oath Ad Platforms DSP API in all subsequent requests. The access token is a temporary credential that enables the YDN app to make requests. The refresh token is a persistent credential that enables the YDN app to generate new access tokens. To learn more, see Generate OAuth Tokens.

The lifetime of an access token is limited to one hour. If your YDN app needs to access an API beyond the lifetime of a single access token, it can generate a new access token using its refresh token. To learn how to refresh tokens, see Refresh Access Token.

Headers

Include the value of your fresh access_token in the X-Auth-Token header of each request made to the DSP Traffic API.

curl -X POST "https://dspapi-sbx.admanagerplus.yahoo.com/traffic/dictionary" \
  -H "Content-Type: application/json" \
  -H "X-Auth-Method: OAUTH" \
  -H "X-Auth-Token: Shp3CUKR5Q..."

All requests to the DSP Traffic API must contain the following headers:

Table 14 Required Headers

Header          Definition
Content-Type    application/json
X-Auth-Method   OAUTH
X-Auth-Token    <<OAUTH ACCESS TOKEN>>

Validation

Use the Sandbox Environment to validate workflows.

You cannot use your production account to access the sandbox.

When you are ready to switch to the production system with live campaigns, double-check the following:

  • Confirm that the API hostname is correct. It should be https://dspapi.admanagerplus.yahoo.com.
  • Ensure that you are using access tokens generated using your production account.
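
The following added example (not part of the original documentation or any Oath/Yahoo client library) shows one way to combine the rules above: it builds the three required headers, renews the access token before its one-hour lifetime runs out, and refuses to attach a token to a URL that is not HTTPS or does not belong to the configured environment. The class name DspSession, the injected refresh callable (standing in for the refresh-token call, whose endpoint is not given on this page) and the 60-second renewal margin are assumptions.

```python
import time
from urllib.parse import urlsplit

# Hostnames as given on this page.
HOSTS = {
    "sandbox": "dspapi-sbx.admanagerplus.yahoo.com",
    "production": "dspapi.admanagerplus.yahoo.com",
}
TOKEN_LIFETIME = 3600  # access tokens are limited to one hour (per this page)
REFRESH_MARGIN = 60    # assumption: renew a minute early to absorb clock skew


class DspSession:
    """Hypothetical helper: caches one environment's token and builds headers."""

    def __init__(self, environment, refresh, clock=time.monotonic):
        if environment not in HOSTS:
            raise ValueError(f"unknown environment: {environment!r}")
        self.environment = environment
        self._refresh = refresh  # callable returning a new access token string
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def _access_token(self):
        # Renew when nothing is cached or the cached token is about to expire.
        due = self._expires_at - REFRESH_MARGIN
        if self._token is None or self._clock() >= due:
            self._token = self._refresh()
            self._expires_at = self._clock() + TOKEN_LIFETIME
        return self._token

    def headers_for(self, url):
        """Return the required headers, rejecting URLs outside this environment."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            raise ValueError("refusing to send an access token over non-HTTPS")
        if parts.hostname != HOSTS[self.environment]:
            raise ValueError(
                f"{parts.hostname!r} is not the {self.environment} API host")
        return {
            "Content-Type": "application/json",
            "X-Auth-Method": "OAUTH",
            "X-Auth-Token": self._access_token(),
        }
```

Create one DspSession per environment so that a sandbox token is never sent to the production host or the reverse, and keep the refresh callable on the server side where the client credentials are stored.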