HomeGuidesAPI Reference
Submit Documentation FeedbackJoin Developer CommunityOptimizely GitHubOptimizely NuGetLog In


This topic gives a general overview of OAuth 2.0 at Optimizely.

Optimizely provides the OAuth 2.0 protocol to allow users to authorize third-party applications to access Optimizely data via the REST API. It lets any Optimizely customer grant access to an application without the need to share their Optimizely username and password. View and revoke applications you have authorized in your account settings.

Optimizely's REST API lets you create and manage Optimizely projects and experiments and analyze results from other applications. For example, our solutions partners and technology partners use the REST API to:

  • Use Optimizely to A/B test headlines from within WordPress
  • Create Optimizely audiences based on information collected from your Data Management Platform
  • Manage Optimizely projects from an internal system
  • Pull results data into an internal dashboard or results widget
  • Send email alerts when certain results are achieved

Applications that are built on the REST API (such as technology integrations) can use OAuth to access Optimizely data on the customer's behalf by putting them through an authorization flow (similar to how you can log into many accounts via your Facebook or Google+ login).

Authorize, view, and revoke applications that can access your data

Authorize applications

You can grant trusted third-party applications access to your Optimizely account by logging in via a button that looks like this:

View authorized applications

You can always see a list of third-party applications that you have authorized to access your Optimizely data by going directly to the Registered Apps tab in your Account Settings..

Revoke permissions

To de-authorize, a third-party application at any time, simply revoke it from this menu by clicking Revoke Access and confirming your decision. Once you revoke permissions, you can't authorize or re-authorize third-party applications from this menu. To do that, you'll have to go back to the app you want to authorize and go through the authorization process again.

Register applications to use OAuth

To build integrations using Optimizely's REST API, reference our API Documentation, which covers the endpoints and calls you can use:

If you want to register a new application to access the API via OAuth:

  1. Navigate to Account Settings > Registered Apps.
  2. Click Register New Application.
  3. In the Application Settings window, enter the Application Name and Redirect URI and select a Client Type (Public or Confidential).
  4. Click Apply.

Build an OAuth 2.0 flow into your application

To build an OAuth 2.0 flow in your application, you will need to complete the following steps:

  • Decide which Grant Type is most appropriate for your application.
  • Register your application with Optimizely.
  • In your application, point customers to Optimizely's authorization URL.
  • Process a redirect after the user accepts (or rejects) your application's access.
  • Obtain an access token, via an authorization code or refresh token, or via the redirect itself, depending on the authorization flow you're using.
  • Authenticate with the REST API using the provided access token.

The sections in this category walk through each of these steps in detail.

If at any point you have questions or need help building out an OAuth 2.0 flow, you can submit a ticket to the developer support team. We'll be happy to help.


OAuth 2.0 flow