Zanox authentication for the Publisher, Data and Connect APIs is based on the OAuth 1.0 model. Zanox and the client will share a connnect ID - your account identifier, and a secret key which will be used to generate signatures for your API requests. Certain zanox data, such as AdMedia, Products and Programs, is publicly available, therefore API calls to retrieve it are not secured. It is enough to provide your connect ID for these calls. To retrieve or update sensitive data, such as Sales and Leads, you will have to sign your requests. Following data is required to retrieve sensitive data:
|Timestamp||GMT Timestamp, generated by the client at the time of request, valid 15 minutes|
|Nonce||Unique random string, generated at the time of request, valid once|
|Signature||Calculated using secret key, parts of request, timestamp and nonce|
Generating signatures is different for REST and SOAP interfaces. The procedures will be described in more detail in the links below.
Every set of credentials (connect ID + secret key) needs permissions to access and modify different API resources. Your API credentials automatically have all permissions for your account data. You can get API credentials for your account in zanox Marketplace, under Links & Tools > Web Services > API.
The zanox OAuth implementation also enables 3rd parties to build API-based services and applications. Zanox customers may grant permissions for those applications to make API calls on their behalf to take advantage of value added services that the application offers. Learn more about writing zanox API-based apps here