Driftrock OAuth2 API Client Credentials

How to connect to Driftrock OAuth2 API

Our API supports the OAuth 2.0 Client Credentials Grant as specified in RFC 6749 Section 4.4 for requesting JWT Access Tokens to be used in calling our API.

The endpoints used to exchange client credentials for access tokens are as follows:

  • Staging Environment: https://api-staging.driftrock.com/oauth2/token
  • Production Environment: https://external-apis.driftrock.com/oauth2/token

When implementing, please keep in mind:

  • When requesting an access token, authenticate the client with the Authorization: Basic <encoded credentials> header and send grant_type=client_credentials as the application/x-www-form-urlencoded request body
  • Use Authorization: Bearer <access_token> when making calls to our API.

Examples

Access Token Request

POST /oauth2/token HTTP/1.1
Host: external-apis.driftrock.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials


Response Successful

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
     
{
    "access_token": "eyJhbGciOiJIUzI1NiIs...",
    "token_type": "Bearer",
    "expires_in": 3600
}

Response Error

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
 "error": "invalid_grant",
 "error_description": "Invalid credentials"
}

Treat any non-2xx response to the token request as "no token" and log the body for diagnostics rather than matching on the error string: RFC 6749 Section 5.2 defines invalid_client for failed client authentication and reserves invalid_grant for an invalid or expired authorization grant, so the exact code you receive should not drive client logic. Note also the Cache-Control: no-store and Pragma: no-cache headers; RFC 6749 Section 5.1 requires them on any response that contains a token, and a client should likewise never write a token response to a shared cache or to logs.

Using the JWT Access Token with our API

Once you obtain the JWT Access Token, you can use it to authenticate API requests to any /v2 endpoint:

POST /v2/event
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...


Security Considerations

  • Always transmit client credentials and tokens over HTTPS, and send the Bearer token only to the Driftrock API host it was issued for
  • Store client secrets in a secrets manager or deploy-time configuration, never in source control, and never ship them in front-end or mobile application code, where anyone with the bundle can extract them. The Client Credentials grant is for confidential (server-side) clients only.

Best Practices

  • Use OAuth 2.0 Client Credentials for all new integrations
  • Consider migrating existing integrations from API keys to OAuth 2.0
  • Cache each access token for its lifetime, honour expires_in, and request a new token shortly before it expires (or when the API rejects it with 401) instead of requesting one per API call.

Basic Authorization Scheme

As described by RFC 7617, the Basic scheme requires the following encoding of client credentials:

Authorization: Basic <credentials>, where <credentials> is the Base64 encoding of the client ID and client secret joined by a single colon, i.e. base64(client_id + ":" + client_secret). The client ID must not itself contain a colon. RFC 6749 Section 2.3.1 further specifies that each value is form-urlencoded before the join; this only changes the result for IDs or secrets containing reserved characters such as ':' or '%'.

JavaScript example:

function encodeCredentials(clientId, clientSecret) {
	// RFC 7617: Base64 of "clientId:clientSecret". The encodeURIComponent/unescape
	// round-trip turns the string into its UTF-8 bytes so btoa does not throw on
	// non-Latin-1 characters.
	return 'Basic ' + btoa(unescape(encodeURIComponent(clientId + ':' + clientSecret)))
}

async function getAccessToken(tokenUrl, clientId, clientSecret) {
	// RFC 6749 section 4.4.2: POST the grant type as a form body and
	// authenticate the client with the Basic scheme.
	let response = await fetch(tokenUrl, {
		method: 'POST',
		headers: {
			'Authorization': encodeCredentials(clientId, clientSecret),
			'Content-Type': 'application/x-www-form-urlencoded'
		},
		body: 'grant_type=client_credentials'
	});
	if (!response.ok) {
		throw new Error('Token request failed with HTTP ' + response.status);
	}
	let data = await response.json();
	return data.access_token;
}

// Get the JWT token (top-level await requires an ES module)
const accessToken = await getAccessToken("https://external-apis.driftrock.com/oauth2/token", "your client ID", "your client secret")