Obtain an Access Token for Salesforce Marketing Cloud OAuth 2.0 API Integrations

Author: Florin Valean

Use case

Some of the most common scenarios when API Integrations would have to be considered are cases where data needs to be imported from an external system into Marketing Cloud (for instance data captured in a web form). Another use case would be when communications have to be triggered by an external event. For instance when a customer places an order on the e-commerce website, a confirmation email has to be sent to that customer - this needs to happen in real time for a better customer experience, ideally the email will be sent immediately after the order was confirmed. And there can be many more use cases - there is a whole new world full of possibilities :)

In this article we'll see how the access token can be obtained using server-side javascript for an OAuth 2.0 Server-to-Server API integration with client credentials grant type. To request an OAuth 2.0 access token we have to use this API route:

/* replace YOUR_SUBDOMAIN with your subdomain - get it from the Installed Package in Marketing Cloud */ https://YOUR_SUBDOMAIN.auth.marketingcloudapis.com/v2/token


Prerequisites

In order to be able to request an access token we need to create an Installed Package in Marketing Cloud. We are going to use an Installed Package created with enhanced functionality with a component of type API Integration and integration of type Server-to-Server. We have to ensure that all the needed scopes are assigned to the Installed Package and the package is licenced for the intended business unit. Once the Installed Package is created it will generate a Client ID, a Client Secret and the URIs for Authentication, REST API and SOAP API resources.
What we'll see in the configuration is going to look like this:

For more details about Installed Packages in Marketing Cloud you can check out this page.

When we request the OAuth 2.0 access token we have to include the JSON payload in the request. The payload will look like this:

/* replace YOUR_CLIENT_ID, YOUR_CLIENT_SECRET, YOUR_MID with your values */ { "grant_type": "client_credentials", "client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET", "scope": null, "account_id": "YOUR_MID" }


Server-side javascript code to get an OAuth 2.0 access token


/* replace the highlighted values with yours */ <script runat="server"> Platform.Load("Core", "1"); /* create the payload in JSON format */ var payload = '{"grant_type":"client_credentials",'; payload += '"client_id":"d20aaul96htb2hgo9b4i47gx",'; payload += '"client_secret":"tUriuDS0zdV82vFrLIbJek77",'; payload += '"scope":null,'; payload += '"account_id":"100012345"}'; var url = "https://mc06n741d3km57h-ztlmx29hh3s7.auth.marketingcloudapis.com/v2/token"; var contentType = 'application/json'; try { /* perform HTTP Post request to get a new OAuth 2.0 access token */ var accessTokenResult = HTTP.Post(url, contentType, payload); var tokenObj = Platform.Function.ParseJSON(accessTokenResult["Response"][0]); var accessToken = tokenObj.access_token; Write("OAuth 2.0 Access Token: " + accessToken); } catch(e) { Write(Stringify(e)); } </script>

Notice the use of try-catch block - see this page for more details on how/when to use try-catch.

If the OAuth 2.0 Access Token was successfully generated then the script above will display the token on the screen otherwise it will display the error that occurred. In case of success the output will look like this:

OAuth 2.0 Access Token:
eyJhbGciOiJIUzI1NiIsImtpZCI6IjEiLCJ2ZXIiOiIxIiwidHlwIjoiSldUIn0.eyJhY2Nlc3NfdG9rZW4iOiJYbE9aVnB4d2R6a1YxT1VBenRhME9TZ3AiLCJjbGllbnRfaWQiOiJsZ2RmdGNsNGc1cGxjeDNuZWh1NWFudXEiLCJlaWQiOjUwMDAwODI1OCwic3RhY2tfa2V5IjoiUzUwIiwicGxhdGZvcm1fdmVyc2lvbiI6MiwiY2xpZW50X3R5cGUiOiJTZXJ2ZXJUb1NlcnZlciJ9.QUdBXU--d3lWrloophnyLmiujRiLFFpV6fOaADFCS9Q.DUjjOMofMVal6K7y5vvM4SDooI_vZ3-ObNe9FX0CaI6i8hT14C3tR_naJ8tin1VcostRyjSGz6XJVcvyYRzZon8fT_Pm1wHy-1iVFECzK8yBYXKxsZ1aHCJuLIth-ubdAYRMQ09hdcvKX8_b8LtlFSn-cf-pJ_HixTPRd6p2kABytxO7Z-h
Share this page
Stay in touch

Subscribe to the newsletter

p1 p2 p3