Authentication
Authenticate requests with your Oppizi client key using a Bearer token.
All Oppizi API requests are authenticated with a single client key passed as
a Bearer token in the Authorization header. The same key authenticates
every client-facing endpoint on the developer API — both the
/client reads and
tracking (/tracking/events).
Keep your client key secret — treat it like a password, store it in an environment variable, and never expose it in client-side code you don't control.
Getting a key
Client keys are provisioned for you in the Oppizi Ads interface — they are not created or managed on this documentation site. If you don't have a key yet, or need it rotated, contact your Oppizi account manager.
Authorization header
Add your client key to the Authorization header of every request, prefixed
with Bearer :
curl https://developer-api.oppizi.com/* \
-H "Authorization: Bearer YOUR_CLIENT_KEY"In JavaScript:
headers: new Headers({
'Content-Type': 'application/json',
Authorization: 'Bearer YOUR_CLIENT_KEY',
});Scoping
Because a client key is bound to a single client account, you never need to pass a client, account or organisation identifier — the API resolves everything from the key. A request made with your key will only ever return your campaigns, missions and events.
Errors
| Status | Meaning |
|---|---|
401 | Missing or malformed Authorization header. |
403 | The key is valid but not allowed to access that resource. |
429 | Rate limit exceeded — retry after a short back-off. |