OAuth2 : 3-Legged

The Bazaarvoice Privacy API provides 2-legged and 3-legged methods for OAuth2 authentication. Use the 2-legged workflow if you want to authenticate your application without a Bazaarvoice Portal user involved in supplying credentials. Use the 3-legged workflow if you want to authenticate your application based on a Bazaarvoice Portal user supplying credentials. Due to its automation advantages, Bazaarvoice expects that the 2-legged workflow best fits the majority of client use cases for the Privacy API.


This tutorial explains how to use OAuth2 with the Bazaarvoice Privacy API using a three-legged workflow, which requires a Bazaarvoice Portal user to supply credentials during the process. If you need to automate your application without a user supplying credentials, refer to the 2-legged OAuth2 workflow.


Requests from Social Commerce clients (made via the Portal Privacy App or the 3-legged Privacy API workflow) will also be processed by the Bazaarvoice Privacy API.

Bazaarvoice has implemented 3-legged OAuth2, an open standard for access delegation. This style of OAuth is referred to as “3-legged” because it consists of three roles:

  • The Client Application: This is an application that would like to access data or interact with a Bazaarvoice service on behalf of a user.
  • The OAuth2 API: A Bazaarvoice service that implements the OAuth2 standard and intermediates between the User and Client Application.
  • The User: This is the person who is using the Client Application. They can grant or deny the Client Application access to their data.

3-legged OAuth2 offers certain advantages including:

  • The User’s credentials are never exposed to the Client Application.
  • The Client Application can be used by an arbitrary number of users.
  • As a well-known open standard, OAuth2 is easier to implement than a custom solution.
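The three roles and the first two advantages can be seen in a small in-memory model of the authorization-code exchange. This is an added example, not Bazaarvoice code: the class names, `sign_in` helper, and all parameter values are hypothetical, and no real Privacy API endpoint is modeled.

```python
import secrets

class OAuth2API:  # in-memory stand-in for the OAuth2 API role (hypothetical)
    def __init__(self, users, client_id, client_secret, redirect_uri):
        self._users, self._codes, self._tokens = users, {}, {}
        self._client = (client_id, client_secret, redirect_uri)
    def authorize(self, client_id, redirect_uri, state, username, password, consent):
        # The User authenticates to the OAuth2 API directly, never to the client.
        if (client_id, redirect_uri) != (self._client[0], self._client[2]):
            raise PermissionError("unknown client or redirect URI")
        stored = self._users.get(username)
        if stored is None or not secrets.compare_digest(stored, password):
            raise PermissionError("bad user credentials")
        if not consent:
            return {"error": "access_denied", "state": state}
        code = secrets.token_urlsafe(16)
        self._codes[code] = username
        return {"code": code, "state": state}  # redirect parameters for the client
    def token(self, client_id, client_secret, redirect_uri, code):
        # The client authenticates itself and redeems the single-use code.
        if (client_id, client_secret, redirect_uri) != self._client:
            raise PermissionError("client authentication failed")
        username = self._codes.pop(code, None)
        if username is None:
            raise PermissionError("invalid or already-used code")
        token = secrets.token_urlsafe(24)
        self._tokens[token] = username
        return token
    def whoami(self, token):
        return self._tokens.get(token)

class ClientApplication:
    def __init__(self, api, client_id, client_secret, redirect_uri):
        self.api, self.creds = api, (client_id, client_secret, redirect_uri)
        self.pending, self.received = set(), []  # received: all the client sees
    def start(self):
        state = secrets.token_urlsafe(16)  # binds the callback to this request
        self.pending.add(state)
        return state
    def callback(self, params):
        self.received.append(dict(params))
        if params.get("state") not in self.pending:
            raise PermissionError("state mismatch")
        self.pending.discard(params["state"])
        return None if "error" in params else self.api.token(*self.creds, params["code"])

def sign_in(api, app, username, password, consent=True):
    # The User's browser: the password goes to the API, only the redirect reaches the client.
    cid, _, uri = app.creds
    return app.callback(api.authorize(cid, uri, app.start(), username, password, consent))
```

Calling `sign_in` for several users against one `ClientApplication` yields a separate token per user, while `app.received` holds only codes, states, and errors.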