[SalesForce] I have an API User id and secret. Do I have everything I need to get an API Token

Background: I'm developing a rails webapp that sends emails. I'm using the MarketingCloudSDK gem to interact with the salesforce API, ultimately to use the triggered emails feature.

I'm not the salesforce admin for my organization, so I requested someone set up an API keypair for me, citing the following instructions that I pieced together from salesforce documentation websites (here and here):

  1. Go to Marketing Cloud | Administration | Installed Packages.
  2. Click New.
  3. Give the package a name and description.
  4. Save the package. Once the package is saved, you see important details about the package. See Installed Packages Definitions for more information about each field. You see the Package ID, JWT Signing Secret, and Source Account only for packages created in your account.
  5. Under Components, click Add Component.
  6. Select API Integration.
  7. Save the component. Under the component details, you find the Client ID and Client Secret. Use these credentials with the API’s authentication service to get OAuth access tokens that authenticate your API calls.

Eventually, I was given an ID and secret, but they belong to an API User, not an API Integration. I tried posting them to https://auth.exacttargetapis.com/v1/requestToken with curl anyway, and I get {"message":"Unauthorized","errorcode":1,"documentation":""}.

Am I missing something? It seems like I should be able to use these credentials in some way to interact with the API, but I have not been able to find how, and while there's plenty of documentation on how to create an API User, there doesn't seem to be any documentation on what to do once you have one.

tl;dr: I have the credentials for an API user. How can I use them to get an API access token?

Best Answer

Sounds like you need to designate an API user:

  1. Admin
  2. My Users
  3. click on the user's name
  4. Edit
  5. check the API user checkbox
  6. Save

Once the user has been designated, you can assign API permissions:

  1. Admin
  2. My Users
  3. check the box next to the user
  4. Manage Roles in the toolbar
  5. Edit Permissions
  6. Email
  7. Admin
  8. API Access
  9. WebService API
  10. check the box next to Allow

Here are the steps for installing a package and configuring a Client ID and Client Secret to authenticate your REST API calls:

  1. Log into Marketing Cloud
  2. Hover over your user name in the upper right corner
  3. Click Administration
  4. In the Account drop-down, click Installed Packages
  5. Click the New button in the upper right corner
  6. Give your package a name and click Save
  7. Click the Add Component button at the bottom
  8. Choose API Integration
  9. Click Next
  10. Check the permissions appropriate for your use-case. Typically you would check all options in Channels > Email and all in Data > Data Extensions.
  11. Click Save
  12. The Client ID and Client Secret are now configured and ready to use in your application.
  13. Use the REST API tool of choice to request an Access Token for authentication. Once you have a token, you're ready to interact with the SFMC objects.

For authorizations, the endpoint is https://auth.exacttargetapis.com.

Once everything's configured, try requesting a token:

POST https://auth.exacttargetapis.com/v1/requestToken
Content-Type: application/json
{
    "clientId": "YOUR_CLIENT_ID_FROM_APP_CENTER",
    "clientSecret": "YOUR_CLIENT_SECRET_FROM_APP_CENTER"
}

The endpoint for all of the other SFMC REST API calls is https://www.exacttargetapis.com/.

Related Topic