REST Authentication

Before you can make calls using REST you will need to set up your authentication and access tokens. Bronto’s REST API is accessible using HTTPS and secured with OAuth 2.0. In order to setup the API integration you will need to configure and use the Hallmonitor Client.

Set Up Hallmonitor

Hallmonitor is an OAuth 2.0 compliant service that is used to request and refresh access tokens for Bronto’s APIs. You must create a client key and client secret for Hallmonitor in order to authenticate with Hallmonitor and get an API token. This can be done using Bronto.

1. In the Bronto Platform, navigate to Home > Settings > Data Exchange.
2. Click the Create New Integration button located under the REST Integrations section.
3. Enter a Client Name.
4. Select the appropriate client permissions.
5. Click the Save button.
A client key (ID) and secret are generated and shown on the Data Exchange page.

After you have completed these steps, you can use the client key and client secret shown in the REST Integrations section of the Data Exchange page to create and refresh API access tokens from Hallmonitor. Be sure to take strong security precautions with your client id, client secret, and your access and refresh tokens.

Get a new token

This call returns your authentication token as well as a refresh token to be used once the access token expires. Access token expires after 1 hour. Refresh token expires after 30 days.

POST: https://auth.bronto.com/oauth2/token

Request Body

 grant_type=client_credentials, client_id={client_id}, client_secret={client_secret}

Response Body

{
"access_token": "596d469a-a65b-4e22-b18e-4f3de5b8ccb8",
"refresh_token": "fadda701-d0c3-4ff0-bb7e-67aae07ecfe9",
"expires_in": 3600
}

Refresh existing token

If your access token expires (default expiration is 1 hour), you can use the refresh token supplied in the response from your original token request to get a new access token for up to 30 days. The client_id and client_secret parameters are also required. Each time you refresh your token you will get a new access token, but your refresh_token will not change.

POST: https://auth.bronto.com/oauth2/token

Request Body

 grant_type=refresh_token, client_id={client_id}, client_secret={client_secret}, refresh_token={refresh_token}

Response Body

{
"access_token": "9ceb16d4-9f21-4549-9ef8-590e34c3e5d1",
"refresh_token": "fadda701-d0c3-4ff0-bb7e-67aae07ecfe9",
"expires_in": 3600
}

Write a cURL Command

You can test the Bronto REST API by writing a cURL command.

With the Bronto REST API you need to create and refresh API access tokens from Hallmonitor. You will need to use the client key and client secret you created in Bronto.

You can use cURL in 2 ways:

curl -X POST -d 'grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}' https://auth.bronto.com/oauth2/token

or

curl https://auth.bronto.com/oauth2/token -H "Accept: application/json" -H "Accept-Language: en_US" -u "{client_id}:{client_secret}" -d "grant_type=client_credentials"

Results:

 { 
	"access_token":"20648bee-2514-4623-b744-d5593599e8fb", 
	"refresh_token":"031840b9-4961-4c02-83f6-3ecae860cfa1", 
	"expires_in":3600 
}

Using the results, you can use the access_token for the request URLs. Then you can use that information to make a GET or POST:

curl -vv -H "Authorization: Bearer 20648bee-2514-4623-b744-d5593599e8fb"
{REQUEST_URL}

Example (Creating a cart)

curl -vv -H "Authorization: Bearer 726873a7-1712-411a-a68b-aad86323b1d7" -H "Content-Type: application/json" -X POST -d '{"customerCartId":"ac54bcf346e578feb46888b3ecd2344f", “emailAddress”:”customer@domain.com”}' https://rest.bronto.com/carts?createContact=true