Marketing Cloud Seed-List Management API
The Seed-List Management API is used for authentication, management of seeds, and account settings with regard to seeds.
AppExchange WebApp Authentication Flow
Acquire and renew authentication tokens to invoke Marketing Cloud APIs via an AppExchange web app.
The flow described here relies on the offline access scope created with Marketing Cloud Installed Packages. With the offline scope, a refresh token is acquired that can be stored and used for up to 30 days (default). Partners would retrieve the TSSD (Tenant Specific Sub Domain) URL routes for SOAP or REST API calls and a refresh token for each MC Account. When the MC user isn’t logged in, the partner can still use the refresh token to invoke MC APIs in a background process to update and manage seed-lists.
For more information, see the public documentation for:
The PlantUML source for this diagram is at AppExchange MC API Auth Flow.
Seed-List Management API
The endpoints for seed-list management include create, read, update, and delete (CRUD) operations on seed-lists. The following diagram shows a simplified authentication flow. For more detail on offline access see AppExchange WebApp Authentication Flow
REST API Errors
Errors return a non 2xx status code and contain a JSON body with
message fields. See Handle Errors in REST API.
Email > Content > Email determine access to the seed-list APIs.
The following table defines the permissions needed for a user to access the seed-list APIs. The partner app is set up with the required scopes and uses appropriate user permissions. The seed-list APIs return a 403:
unauthorized response if the permission criteria isn't satisfied.
|API Action||Path to User Permission||API Permission Scope|
|GET||Email > Content > Email > View||email_read|
|POST||Email > Content > Email > Create||email_write|
|PUT||Email > Content > Email > Update||email_write|
|PATCH||Email > Content > Email > Update||email_write|
|DELETE||Email > Content > Email > Delete||email_write|