Authentication - OAuth2
The Bazaarvoice Transactions API provides 2-legged for OAuth2 authentication.
Introduction
The following tutorial explains how to use OAuth2 with the Bazaarvoice Transactions API using a two-legged workflow, which authenticates directly between the OAuth2 API and your Transactions application.
Use the 2-legged workflow if you want to authenticate your application without a Bazaarvoice Portal user involved in supplying credentials. Due to its automation advantages, Bazaarvoice expects that the 2-legged workflow best fits the majority of client use cases for the Transactions API.
Request OAuth2 Credentials
In order to receive your OAuth2 Client Credentials(client_id and client_secret), register your application by contacting our Support team at https://support.bazaarvoice.com.
Copy/paste the template below into your support case and then manually replace the <PLACE_HOLDER> tokens with the appropriate information.
Please register an application for use with the <API_NAME>, in this case, Transactions API.
BAZAARVOICE PORTAL USER EMAIL ADDRESS: <EMAIL_ADDRESS>
DEVELOPER COUNTRY: <DEVELOPER_COUNTRY>
CLIENT INSTANCE NAMES: <NAME_1>, <NAME_2>, <NAME_3>
APP DISPLAY NAME: <DISPLAY_NAME>
APP DESCRIPTION:
<DESCRIPTION>
Thanks,
<SIGNATURE>
Please refer to the Table below explaining each field required in request template.
Bazaarvoice API name | Transactions API |
Bazaarvoice Portal user email address | This is the email address associated with a Bazaarvoice Portal account. You must have an account prior to registering an application. This email address will receive emails associated with the requested API. |
Developer country | The country where the developer is located. |
Client instance names | This name should match the client instance you want your credentials to have access to. You can find client instance names in the Portal or Workbench client picker menu. Ex: acme-en_us, acme-fr_fr |
App Display Name | This is a human readable name that will be displayed to users when they grant access to your application. Ex: Acme Transactions App |
App Description | A brief explanation of how this application will be used. Ex: Application for tracking consumer transactions |
NOTE: Transactions API does not use API passkeys for authorization. The OAuth2 Client credentials will serve as the only authentication needed.
Once the request is submitted, the Bazaarvoice Support team would contact back with the OAuth2 Credentials via secured channel within 7 days.
Please be advised that the secured link containing the OAuth2 credentials (client_id and client_secret) can be accessed by logging into the Bazaarvoice Portal at https://portal.bazaarvoice.com using the email address provided during the application registration.
Bazaarvoice has implemented 2-legged OAuth2, an open standard for access delegation. This style of OAuth is referred to as “2-legged” because it consists of two roles:
- The Client Application : This is an application that would like to access data or interact with a Bazaarvoice service.
- The OAuth2 API: A Bazaarvoice service that implements the OAuth2 standard and intermediates with the Client Application.
2-legged OAuth2 offers certain advantages including:
● Authentication is handled server to client and does not require an end user to manually supply credentials.
● As a well-known open standard, OAuth2 is easier to implement than a custom solution.
Resources
Refer to these resources for more information on OAuth2:
Updated 7 months ago