Authenticate securely to the Profile API using Access Tokens. We support two modern strategies:
  • Machine-to-Machine (M2M) for backend integrations
  • OAuth 2.0 for user-authorized apps

Machine-to-Machine (M2M) Authentication

M2M authentication is designed for backend services, internal automations, and server-to-server integrations. It uses access tokens that are scoped to your organization and expire automatically.

How It Works

  1. Request an Access Token: Use your client_id and client_secret to request an access token:
    POST https://api.profilebehavior.com/v3/auth
    Content-Type: application/json
    
    {
      "grant_type": "client_credentials",
      "client_id": "your_client_id",
      "client_secret": "your_client_secret"
    }
    
  2. Include the Token in API Requests: Add the access token to the Authorization header:
    Authorization: Bearer YOUR_ACCESS_TOKEN
    
  3. Tokens Expire: Access tokens are short-lived and expire after approximately 1 hour. You can safely request a new one when needed.

Example (cURL)

curl --request POST \
  --url https://api.profilebehavior.com/v3/test \
  --header 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{"ping": "pong"}'
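The three M2M steps above as a small backend client, added here as an example and not code from the Profile API docs or SDK. It requests a token with the client_credentials grant, caches it, re-requests it shortly before the roughly one-hour expiry, and sends only the bearer token (never the client secret) to the test endpoint used in the cURL example. The response field names access_token and expires_in, and the exact 3600-second lifetime, are assumptions: the page does not show the response body of /v3/auth.

```python
import json
import os
import time
import urllib.request

AUTH_URL = "https://api.profilebehavior.com/v3/auth"  # endpoint from the page
TEST_URL = "https://api.profilebehavior.com/v3/test"  # endpoint from the page
DEFAULT_TTL = 3600   # page: tokens expire after roughly 1 hour; exact value assumed
REFRESH_MARGIN = 60  # re-request the token this many seconds before it expires

def post_json(url, payload, headers=None):
    """Real transport: POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", **(headers or {})})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class M2MTokenProvider:
    """Caches one client_credentials token and re-requests it shortly before expiry."""

    def __init__(self, client_id, client_secret, transport=post_json, clock=time.time):
        self._client_id = client_id
        self._client_secret = client_secret  # stays server-side; never logged or sent to browsers
        self._transport = transport          # injectable so the logic can be tested offline
        self._clock = clock
        self._token, self._expires_at, self.fetch_count = None, 0.0, 0

    def token(self):
        """Step 1: fetch (or reuse) the access token; hits /v3/auth only when needed."""
        if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN:
            body = self._transport(AUTH_URL, {
                "grant_type": "client_credentials",
                "client_id": self._client_id,
                "client_secret": self._client_secret,
            })
            self._token = body["access_token"]  # response field names are assumed
            self._expires_at = self._clock() + int(body.get("expires_in", DEFAULT_TTL))
            self.fetch_count += 1
        return self._token

    def auth_header(self):
        """Step 2: the bearer header carries only the token, never the client secret."""
        return {"Authorization": f"Bearer {self.token()}"}

def ping(provider, transport=post_json):
    return transport(TEST_URL, {"ping": "pong"}, headers=provider.auth_header())

if __name__ == "__main__":  # secrets come from the environment, not from source or frontend code
    print(ping(M2MTokenProvider(os.environ["PROFILE_CLIENT_ID"], os.environ["PROFILE_CLIENT_SECRET"])))
```

The transport and clock are injectable so the caching logic can be exercised without network access; in production the defaults use urllib and the real clock.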

OAuth 2.0 Authentication

OAuth 2.0 is ideal for user-authorized applications, such as browser-based integrations, AI agents, and no-code tools.

How It Works

  1. Redirect to Login & Consent: Your app redirects the user to Profile’s secure login page.
  2. Token Exchange: After login, your app receives a short-lived access token representing that user.
  3. Make API Requests: Use the access token in the Authorization header to act on behalf of the user:
    Authorization: Bearer USER_ACCESS_TOKEN
    
  4. Role-Based Access: Permissions are based on the user’s role (e.g., admin, manager) in your Profile account.

Example OAuth Request

GET /v3/my-account HTTP/1.1
Host: api.profilebehavior.com
Authorization: Bearer eyJhbGciOi... (access token)

Which Authentication Method Should I Use?

Use Case                          Auth Type
Backend services & servers        ✅ M2M
Cron jobs & internal automation   ✅ M2M
AI agents, Zapier, Make.com       ✅ OAuth
User-facing apps & dashboards     ✅ OAuth

Security Notes

  • Never expose client secrets in frontend apps or browser-based code.
  • Access tokens are short-lived and should be refreshed automatically.
  • OAuth users must authenticate through Profile’s secure login — passwords are never shared with external tools.