HomeGuidesAPI Reference
Submit Documentation FeedbackJoin Developer CommunityLog In


This topic gives a general overview of OAuth 2.0 at Optimizely.

Optimizely provides the OAuth 2.0 protocol to allow users to authorize third-party applications to access Optimizely data via the REST API. It lets any Optimizely customer grant access to an application without the need to share their Optimizely username and password. View and revoke applications you have authorized in your account settings.

To build an OAuth 2.0 flow in your application, you will need to complete the following steps:

  • Decide which Grant Type is most appropriate for your application.
  • Register your application with Optimizely.
  • In your application, point customers to Optimizely's authorization URL.
  • Process a redirect after the user accepts (or rejects) your application's access.
  • Obtain an access token, via an authorization code or refresh token, or via the redirect itself, depending on the authorization flow you're using.
  • Authenticate with the REST API using the provided access token.

The sections in this category walk through each of these steps in detail.

If at any point you have questions or need help building out an OAuth 2.0 flow, you can submit a ticket to the developer support team. We'll be happy to help.

OAuth 2.0 flowOAuth 2.0 flow

OAuth 2.0 flow

Did this page help you?