Before sending any requests to the Usercentrics Partner API you need to authenticate the user account you are interacting with. For this, you will need a secret Partner-API token (received from Usercentrics’ Support) and a unique identifier for the user (best practice: The format should explicitly be an EMAIL String).
The API will return a new unique User-Token. You need to provide this token as an HTTP authorization header for all API calls that you are going to make on behalf of this user. *User-Token*s are valid for 8 hours.
Security Notice
Your secret Partner-API token should always be kept private! Anyone owning that token can authenticate user accounts against the Usercentrics API under your identity.
Example Request
query {
authenticate(apiToken: "secret-api-token", user: "user@company.org")
}Example Response
{
"data": {
"authenticate": "Bearer RXhhbXBsZSBUb2tlbgo..."
}
}Example Request HTTP headers
POST /graphql HTTP/1.1
Host: partner.usercentrics-sandbox.eu
Connection: keep-alive
Content-Length: 111
accept: */*
Origin: https://partner.usercentrics-sandbox.eu
authorization: Bearer RXhhbXBsZSBUb2tlbgo…
[...]Example Request in the playground 