--- title: Authentication - APIs description: How to authenticate to use the Enrichment API lastUpdated: 10 September 2025 source_url: html: https://docs.contentsquare.com/en/api/enrichment/authentication/ md: https://docs.contentsquare.com/en/api/enrichment/authentication/index.md --- Warning **Since April 30th, 2024, API keys are no longer supported**. You must use OAuth credentials instead to authenticate on our APIs, and migrate your existing applications using API keys. ## OAuth2 authentication The Contentsquare APIs use the server-to-server OAuth 2.0 standard for authentication, also know as 2-legged OAuth or OAuth 2LO. The flow basically consists in calling an authentication endpoint with a pair `client_id` / `client_secret` to retrieve an access token that remains valid for 1 hour. This JWT token should then be used as a Bearer token in the headers of your HTTPS requests (in the form `Authorization: Bearer YOUR_API_KEY`). Note that the API call to the authentication endpoint will also dynamically return the right base URL that you must use. This base URL depends on which cloud the target project is installed on. You can refer below to a [detailed example](#example-of-authentication-flow) of the overall flow to retrieve a token and a base URL, and use those to query the Data Export API. You can generate a pair `client_id` / `client_secret` from the Contentsquare [console ↗](https://console.contentsquare.com), as a Contentsquare administrator. You can find how to generate these credentials in our Help Center documentation. You can create OAuth credentials either: * At the Project level, to request access resources from a specific project only * At the Account level: to request access for any project of the account Warning Your OAuth credentials carry many privileges, so make sure to keep them secure! Do not share them in publicly accessible areas such as GitHub, client-side code, and so forth. ## Refresh your access token Once you get a JWT access token (see the [authentication endpoint](#authentication-endpoint) below), it's valid for 1 hour. If you try to query the Contentsquare APIs with access to token that has expired, you will receive a `401 Unauthorized` error with the error code `JWT_EXPIRED`, in the form: ```json { "success": false, "errorMessage": "Auth token is expired.", "errorCode": "JWT_EXPIRED" } ``` In that case, you should first use your OAuth credentials (your pair `client_id` / `client_secret`) to query a new access token. The OAuth credentials expire after 1 year. See [How to regenerate OAuth credentials ↗](https://support.contentsquare.com/hc/en-us/articles/37271728104593-How-to-create-API-credentials#section4). ## Authentication endpoint POST [https://api.contentsquare.com/v1/oauth/token ↗](https://api.contentsquare.com/v1/oauth/token) ### Request parameters * #### client\_id   string   Required The OAuth `client_id` generated from the Contentsquare console. * #### client\_secret   string   Required The OAuth `client_secret` generated from the Contentsquare console. * #### grant\_type   string   Required Always set it to `"client_credentials"`, as required by the OAuth 2.0 standard. * #### scope   string   Required You should use `"enrichment"`. You **cannot** combine this scope with any other scopes (for example: `data-export enrichment` will return an error). * #### project\_id   integer   Required only if you use account-level OAuth credentials, to specify which project of the account you want to target. * #### integration\_id   integer   Required Required only if you use the `enrichment` scope. This is the ID of the target integration. This ID is provided by Contentsquare when installing the [integration](https://docs.contentsquare.com/en/api/enrichment/definitions/#integration) on a project. ### Request example ```shell curl --location 'https://api.contentsquare.com/v1/oauth/token' \ --header 'Content-Type: application/json' \ --data '{ "client_id": "c3133d76-a768-4f5a-XXX", "client_secret": "0ISL0DEC;UyYKB;riWRS0EXXX", "grant_type": "client_credentials", "scope": "enrichment", "project_id": 42, "integration_id": 123, }' ``` ### Response example ```json { "access_token": "eyJhbGciOiJSIsImtpY5MTXXX.CNTcKWAUb2mTp2cZyiDRYYOtGCKXXX", // to be used as bearer token to query the APIs "token_type": "bearer", "expires_in": 3600, "scope": "enrichment", "project_id": 42, "endpoint": "https://api.eu-west-1.production.contentsquare.com" // this is the base URL you should use to query the Data Export API endpoints - the provided URL depends on the cloud the project is installed on } ``` ## Example of authentication flow Below is a sample of JavaScript code to show a complete API call flow that first retrieves an access token and then use it to retrieve the list of export jobs on a project: ```javascript const clientId = ""; const clientSecret = ""; const authEndpoint = "https://api.contentsquare.com/v1/oauth/token"; const authRequestOptions = { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ client_id: clientId, client_secret: clientSecret, grant_type: "client_credentials", scope: "data-export", project_id: 42, integration_id: 123, }), }; const authResponse = await fetch(authEndpoint, authRequestOptions); const authJsonData = await authResponse.json(); // Below are the access token and base URL that must be used to query the Data Export API endpoints const accessToken = authJsonData.access_token; const baseURL = authJsonData.endpoint; // Using the access token and endpoint to push data to the enrichment API await fetch(`${baseURL}/...`); ``` ## OAuth credentials information endpoint POST [https://api.contentsquare.com/v1/oauth/me ↗](https://api.contentsquare.com/v1/oauth/me) ### Request parameters * #### client\_id   string   The OAuth `client_id` generated from the Contentsquare console. * #### client\_secret   string   The OAuth `client_secret` generated from the Contentsquare console. ### Request example ```shell curl --location 'https://api.contentsquare.com/v1/oauth/me' \ --header 'Content-Type: application/json' \ --data '{ "client_id": "c3133d76-a768-4f5a-XXX", "client_secret": "0ISL0DEC;UyYKB;riWRS0EXXX", }' ``` ### Response example ```json { "scopes": "metrics data-export session-replay symbolicator", "permissions": { "projects": [ { "id": 42, "name": "UX ANALYTICS" } ] } } ```