Partner Authorization Framework

All authorization is based on OAuth 2.0. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service. OAuth relies on authentication scenarios called flows, which allow the resource owner to share the protected content from the resource server without sharing their credentials. For that purpose, an OAuth 2.0 server issues access tokens that the client applications can use to access protected resources on behalf of the resource owner. For more information please see the IETF definition rfc6749.

Once the Partner scope has been approved by Sniptech, the access tokens provided will be valid for 5 minutes and refresh tokens for 30 minutes.

Environment variables {{base_url}}:



Token and refresh endpoint: {{base_url}}/auth/token


Sniptech Audiences API: audiences

Sniptech Cancellations API: cancellation

Sniptech Deals API: deals

Sniptech PSD2 & PFM API: pfm

Sniptech Online Cashback API cashback

Token example:

curl --location --request POST '{{base_url}}/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'scope=cancellation'

Refresh example:

curl --location --request POST '{{base_url}}/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=<REFRESH TOKEN>'

The obtained access_token must be included in every call on our platform, e.g:

curl --location --request GET '{{base_url}}/cancellations/v1/organizations?locale=es-ES' \
--header 'Authorization: Bearer <ACCESS TOKEN>'

Sample Response: