1. You must have Salesforce OAuth set up in the org. To set up a connected app for OAuth, the "pardot_api" scope must be one of the selected OAuth scopes. Otherwise, OAuth flows other than username/password flow can't be used with the Account Engagement API. Check out this video for an example of how to implement OAuth.
Implement Salesforce OAuth for Account Engagement API
  1. You must have the Account Engagement Business Unit ID that you want to authenticate with. To find the Account Engagement Business Unit ID, use Setup in Salesforce. From Setup, enter "Business Unit Setup" in the Quick Find box. Your Account Engagement Business Unit ID begins with "0Uv" and is 18 characters long. If you can’t access the Business Unit Setup information, ask your Salesforce Administrator to provide you with the Account Engagement Business Unit ID.

  2. Authenticate with a user that is SSO enabled. An SSO-enabled user is one who can log in to using "Log In with Salesforce" or who can access Account Engagement using the Account Engagement Lightning App.

Account TypeSalesforce DomainAccount Engagement Domain
Account Engagement Developer

There are numerous OAuth 2.0 Flow types supported. The Web Server Flow is the most commonly used. For a list of all flows, see the OAuth 2.0 Flows Help page. Read the descriptions of the flows to choose the best one for your case.

After you get the access token, you must pass it and the Account Engagement Business Unit ID using the Authorization and Pardot-Business-Unit-Id headers.

Request must be made using HTTPS.

access_tokenXAccess token obtained from Salesforce OAuth Endpoint
business_unit_idXAccount Engagement Business Unit ID

If a valid access token is provided with a valid business unit ID, the Account Engagement endpoint works as expected.

Note: The Account Engagement API doesn’t enforce IP address restrictions that are configured using the Salesforce option "Enforce login IP ranges on every request".