Skip to main content
POST
/
auth
/
token
Obtain JWT access token
curl --request POST \
  --url https://{client_slug}.targeter.tech/api/auth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "api_key": "YOUR_ISSUED_PARTNER_KEY",
  "api_secret": "YOUR_ISSUED_PARTNER_SECRET"
}
'
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Overview

The partner authentication endpoint allows trusted third-party partners to exchange their issued API credentials for a JWT (JSON Web Token) that can be used to authenticate subsequent API requests on behalf of their clients.

Request

Headers

  • Content-Type: application/json

Body Parameters

api_key
string
required
Your unique API key issued by Targeter for your approved partnership
api_secret
string
required
Your secure API secret issued by Targeter for your approved partnership

Example Request

curl -X POST "https://storhaug.targeter.tech/api/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "YOUR_ISSUED_PARTNER_KEY",
    "api_secret": "YOUR_ISSUED_PARTNER_SECRET"
  }'

Response

Success Response (200)

access_token
string
JWT token to be used in Authorization header for subsequent requests
token_type
string
Token type (always “Bearer”)
expires_in
integer
Token validity in seconds (3600 = 1 hour)

Example Response

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "token_type": "Bearer",
    "expires_in": 3600
}

Error Responses

400 - Invalid Request

{
    "error": "Invalid request payload"
}

401 - Invalid Credentials

{
    "error": "Invalid credentials"
}

500 - Server Error

{
    "error": "Internal server error"
}

Usage Notes

  • Token Expiration: JWT tokens expire after 1 hour for security
  • Refresh: You must obtain a new token when the current one expires
  • Security: Never expose your issued API secret in client-side code - these are for server-to-server communication only
  • Storage: Store tokens securely and refresh them before expiration
  • Credentials: Only use API credentials issued specifically to your approved partnership

Next Steps

Once you have your JWT token, you can use it to make authenticated requests on behalf of your clients: 
curl -X POST "https://storhaug.targeter.tech/api/campaign" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Body

application/json
api_key
string
required

Your unique API key issued by Targeter for your approved partnership

Example:

"YOUR_ISSUED_PARTNER_KEY"

api_secret
string
required

Your secure API secret issued by Targeter for your approved partnership

Example:

"YOUR_ISSUED_PARTNER_SECRET"

Response

Successfully authenticated

access_token
string

JWT token to be used in Authorization header

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6..."

token_type
string

Token type

Example:

"Bearer"

expires_in
integer

Token validity in seconds

Example:

3600