requestToken Reference for Legacy Packages

This document applies only to API integrations in legacy packages. To get an access token for OAuth 2.0 API integrations, review Set Up Your Development Environment for Enhanced Packages.

For your authentication requests, we recommend using our tenant-specific Marketing Cloud-branded endpoint structure, which includes your tenant’s subdomain. Find your endpoints in Installed Packages. New and existing customers on S1 through S10 can continue to use https://auth.exacttargetapis.com, which does not include your subdomain.

To obtain an OAuth token, perform an HTTP POST specifying your clientID and clientSecret in the request body.

NameTypeRequiredDescription
legacybooleanNoSet to 1 to return a legacy token
NameTypeRequiredDescription
clientIDstringRequiredFirst part of the Client Credentials App Key pair generated when creating an API Integration
clientSecretstringRequiredSecond part of the Client Credentials App Key pair generated when creating an API Integration
accessTypestringNoSet to offline to return a RefreshToken that is not session-based for later use
refreshTokenstringNoUse the refreshToken obtained through SSO for Marketing Cloud Apps along with the accessType option to return an accessToken that is contextualized for your app. The refreshToken is valid for up to 700 days until it is used and can only be used once. It has a 5-minute revocation period after use, allowing for more attempts in case the service doesn't respond immediately.

The HTTP POST with valid values for clientID and clientSecret returns two values:

  1. accessToken - An OAuth token passed to subsequent API requests.
  2. expiresIn - The expiration period of the OAuth token in seconds. The default value of 3600 seconds cannot be changed.