Skip to main content
POST
/
auth
/
token
Obtain JWT access token
curl --request POST \
  --url https://{client_slug}.targeter.tech/api/auth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "api_key": "YOUR_ISSUED_PARTNER_KEY",
  "api_secret": "YOUR_ISSUED_PARTNER_SECRET"
}
'
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Documentation Index

Fetch the complete documentation index at: https://docs.targeter.tech/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The partner authentication endpoint allows trusted third-party partners to exchange their issued API credentials for a JWT (JSON Web Token) that can be used to authenticate subsequent API requests on behalf of their clients.

Request

Headers

  • Content-Type: application/json

Body Parameters

api_key
string
required
Your unique API key issued by Targeter for your approved partnership
api_secret
string
required
Your secure API secret issued by Targeter for your approved partnership

Example Request

curl -X POST "https://storhaug.targeter.tech/api/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "YOUR_ISSUED_PARTNER_KEY",
    "api_secret": "YOUR_ISSUED_PARTNER_SECRET"
  }'

Response

Success Response (200)

access_token
string
JWT token to be used in Authorization header for subsequent requests
token_type
string
Token type (always “Bearer”)
expires_in
integer
Token validity in seconds (3600 = 1 hour)

Example Response

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "token_type": "Bearer",
    "expires_in": 3600
}

Error Responses

400 - Invalid request body

{
    "error": "Invalid request body"
}

401 - Invalid API credentials

{
    "error": "Invalid API credentials"
}

500 - Internal server error

{
    "error": "Internal server error"
}

Usage Notes

  • Token Expiration: JWT tokens expire after 1 hour for security
  • Refresh: You must obtain a new token when the current one expires
  • Security: Never expose your issued API secret in client-side code - these are for server-to-server communication only
  • Storage: Store tokens securely and refresh them before expiration
  • Credentials: Only use API credentials issued specifically to your approved partnership

Next Steps

Once you have your JWT token, you can use it to make authenticated requests on behalf of your clients: 
curl -X POST "https://storhaug.targeter.tech/api/campaign" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Body

application/json
api_key
string
required

API key issued for your partnership

Example:

"YOUR_ISSUED_PARTNER_KEY"

api_secret
string
required

API secret issued for your partnership

Example:

"YOUR_ISSUED_PARTNER_SECRET"

Response

Successfully authenticated

access_token
string
required

JWT for the Authorization header

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6..."

token_type
string
required
Example:

"Bearer"

expires_in
integer
required

Token lifetime in seconds

Example:

3600