Skip to content

Authorization

Authorization

Before sending any requests to the Usercentrics Partner API you need to authenticate the user account you are interacting with. For this, you will need a secret Partner-API token (received from Usercentrics’ Support) and a unique identifier for the user (best practice: The format should explicitly be an EMAIL String).

The API will return a new unique User-Token. You need to provide this token as an HTTP authorization header for all API calls that you are going to make on behalf of this user. *User-Token*s are valid for 8 hours.

Security Notice
Your secret Partner-API token should always be kept private! Anyone owning that token can authenticate user accounts against the Usercentrics API under your identity.

Example Request

query {
  authenticate(apiToken: "secret-api-token", user: "user@company.org")
}

Example Response

{
  "data": {
    "authenticate": "Bearer RXhhbXBsZSBUb2tlbgo..."
  }
}

Example Request HTTP headers

POST /graphql HTTP/1.1
Host: partner.usercentrics-sandbox.eu
Connection: keep-alive
Content-Length: 111
accept: */*
Origin: https://partner.usercentrics-sandbox.eu
authorization: Bearer RXhhbXBsZSBUb2tlbgo…
[...]

Example Request in the playground usercentrics