Authenticate Your SOAP API Calls

The first step in an API-based integration is authenticating your calls. OAuth access token authentication is the most secure way to authenticate SOAP API calls. You can also use a Marketing Cloud Engagement username and password to authenticate your calls. UsernameToken authentication is not as secure as access token authentication.

  1. Get a Client ID and Secret. Obtain a client ID and secret by creating an installed package with an API Integration component. Once you have your client ID and secret credentials, use them to acquire an OAuth access token directly from the API authentication service.

    The user for your integrated account must have the ability to administer installed packages.

  2. Get an access token. Call the REST auth service to obtain an access token.

  3. Use the access token to authenticate your SOAP calls in the header. This access token authorizes calls in the account where you created the token. It does not flow down through child accounts.

  1. When setting up the user, select API User.

  2. For accounts with role-based permissions, select the Role | Email | Admin | API Access | WebServices API permission. For accounts with legacy permissions, select the Grant the user access to the web services permission.

  3. Enable the username and password security setting. Go to Setup | Security | Security Settings and find the setting under Username and Logins.

  4. Use the username and password to authenticate your SOAP calls in the header.