OppiziDeveloper

Authentication

Authenticate requests with your Oppizi client key using a Bearer token.

All Oppizi API requests are authenticated with a single client key passed as a Bearer token in the Authorization header. The same key authenticates every client-facing endpoint on the developer API — both the /client reads and tracking (/tracking/events).

Keep your client key secret — treat it like a password, store it in an environment variable, and never expose it in client-side code you don't control.

Getting a key

Client keys are provisioned for you in the Oppizi Ads interface — they are not created or managed on this documentation site. If you don't have a key yet, or need it rotated, contact your Oppizi account manager.

Authorization header

Add your client key to the Authorization header of every request, prefixed with Bearer :

curl https://developer-api.oppizi.com/* \
  -H "Authorization: Bearer YOUR_CLIENT_KEY"

In JavaScript:

headers: new Headers({
  'Content-Type': 'application/json',
  Authorization: 'Bearer YOUR_CLIENT_KEY',
});

Scoping

Because a client key is bound to a single client account, you never need to pass a client, account or organisation identifier — the API resolves everything from the key. A request made with your key will only ever return your campaigns, missions and events.

Errors

StatusMeaning
401Missing or malformed Authorization header.
403The key is valid but not allowed to access that resource.
429Rate limit exceeded — retry after a short back-off.

On this page