OAuth2 : 3-Legged

The Bazaarvoice Response API provides 3-legged methods for OAuth2 authentication.


Bazaarvoice has implemented 3-legged OAuth2, an open standard for access delegation. This style of OAuth is referred to as “3-legged” because it consists of three roles:

  • The Client Application: This is an application that would like to access data or interact with a Bazaarvoice service on behalf of a user.
  • The OAuth2 API: A Bazaarvoice service that implements the OAuth2 standard and intermediates between the User and Client Application.
  • The User: This is the person who is using the Client Application. They can grant or deny the Client Application access to their data.

3-legged OAuth2 offers certain advantages including:

● The User’s credentials are never exposed to the Client Application.
● The Client Application can be used by an arbitrary number of users.
● As a well-known open standard, OAuth2 is easier to implement than a custom solution.

Requesting Client ID and Client Secret

Clients are required to contact BV support to generate their Client ID and Client Secret for accessing BV APIs. Please reach out to BV support for assistance in obtaining these credentials.


The tutorial which explain how to use OAuth2 with the Bazaarvoice Response API using a three-legged workflow, which requires a Bazaarvoice Portal user to supply credentials during the process can be accessed here