In order to interact with Salesforce Marketing Cloud APIs you need to create an installed package in your Marketing Cloud account first. Marketing Cloud uses installed packages to help authenticate users and API requests. To create and install packages you must have the Administrator or Marketing Cloud Administrator role assigned to your profile.
Marketing Cloud has two types of installed packages: packages with enhanced functionality (v2) and packages with legacy functionality (v1). If you’re not sure which package has been installed in your account, check the “Details” tab of your installed package – all legacy packages have a banner at the top indicating that it’s a legacy package and a Licenses tab. Enhanced packages have an Access tab.
Authentication Base URI ,
Client Id and
Client Secret as you will need them to authenticate. Below code examples are meant for Server-to-Server Integrations with Client Credentials Grant Type.
The following script will allow you to authenticate if you’re using the Legacy Package. As of August 1, 2019, Marketing Cloud has removed the ability to create legacy packages, but you can still use legacy authentication and API requests with existing legacy packages.
You will need to insert the
Client Id and
Client Secret and your tenant-specific authentication endpoint (
Authentication Base URI). Bare in mind, that it is not a good idea to publish Client credentials on a CloudPage.
The access token will be valid for 60 minutes and it is issued with the scopes specified on the API integration in Installed Packages. With Legacy Packages, the access token can only be used in the context of the business unit that created the integration.
For this package, you will need to insert the
Client Id and
Client Secret, your tenant-specific authentication endpoint (
Authentication Base URI) and define
"client_credentials" for server-to-server integrations. You can also specify two optional parameters,
account_id. If you don’t include the scope parameter in the request, the token is issued with the scopes specified on the API integration in Installed Packages. For a full list of permissions click here. Account ID is the MID of the target business unit. Use this parameter to switch between business units. If you don’t specify
account_id, the returned access token is in the context of the business unit that created the integration. Again, bare in mind, that it is not a good idea to publish Client credentials on a CloudPage.
The access token has a lifetime of 20 minutes. In the response you will also see the
rest_instance_url (your tenant’s REST base URL for making REST API calls) and
soap_instance_url (your tenant’s SOAP base URL for making SOAP API calls).
Token type will always be “Bearer”, regardless of the package you are using.