Artlist uses API keys to authenticate requests.
Currently, API keys are issued and managed through your account manager, but a self-service developer portal will be available soon.

OAuth 2.0 Authentication

Artlist API uses the OAuth 2.0 Client Credentials flow for secure server-to-server authentication.

Overview

The Client Credentials flow enables clients to authenticate directly with their client credentials, without requiring user interaction.

Credentials

client_id: The unique client identifier provided by your account manager.
client_secret: The secret key provided by your account manager keep this secure!

Getting an Access Token

Token Endpoint

1 https://artlist-business-api-prod-cognito.artlist.io/oauth2/token

Request Headers

1 Content-Type: application/x-www-form-urlencoded
2 Authorization: Basic token

Before you make a request

Youll need to encode the combination of your client_id and client_secret using Base64 in the following format:

1 “client_id”:”client_secret” → Base64 encoded

For example:

1 client_id: 1234
2 client_secret: abcd
3 token = 1234:abcd → Base64 = MTIzNDphYmNkCg==
4 So the header would be Authorization: Basic MTIzNDphYmNkCg==

Request Body

Example

1 'grant_type=client_credentials'

Sample Response

1 {
2     "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6...",
3     "token_type": "Bearer",
4     "expires_in": 3600
5 }

Using the Token

Add the token to your API requests:

1 Authorization: Bearer YOUR_ACCESS_TOKEN

Security Considerations

Never expose your client_secret in client-side code
Store client credentials securely
Rotate client credentials periodically
Access tokens expire after 1 hour, so make sure to regenerate them before theyit expire