Optimizely supports OAuth 2.0, which lets users authorize third-party applications to access Optimizely data via the REST API. Any Optimizely customer can grant access to an application without sharing their Optimizely username and password. You can view and revoke the applications you've authorized in your account settings.

To build an OAuth 2.0 flow in your application, you'll need to complete the following steps:

  • Decide which Grant Type is most appropriate for your application.
  • Register your application with Optimizely.
  • In your application, point customers to Optimizely's authorization URL.
  • Process a redirect after the user accepts (or rejects) your application's access.
  • Obtain an access token, via an authorization code or refresh token, or via the redirect itself, depending on the authorization flow you're using.
  • Authenticate with the REST API using the provided access token.

The sections in this category walk through each of these steps in detail.
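As an added illustration (not Optimizely's own code), the sketch below covers the redirect-related steps for the authorization code grant: building the authorization URL with an unguessable `state` value and validating the redirect before the code is exchanged for a token. The endpoint is a placeholder, the function names are hypothetical, and the parameter names are the standard ones from RFC 6749; substitute the values given in the detailed sections.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder endpoint (assumption): use the authorization URL from the provider's docs.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/oauth2/authorize"


class AuthorizationError(Exception):
    """Raised when the redirect cannot be trusted or the user rejected access."""


def build_authorization_url(client_id, redirect_uri):
    """Return (url, state); keep state in the user's session before redirecting."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode({
        "response_type": "code",  # authorization code grant (RFC 6749)
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def process_redirect(redirect_url, expected_state):
    """Validate the callback and return the authorization code."""
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    # Reject repeated parameters: ambiguous input must not reach the token request.
    if any(len(values) != 1 for values in params.values()):
        raise AuthorizationError("duplicate parameter in redirect")
    single = {name: values[0] for name, values in params.items()}
    # Check state first so a forged callback is dropped before anything else is used.
    returned_state = single.get("state", "")
    if not expected_state or not hmac.compare_digest(
            returned_state.encode(), expected_state.encode()):
        raise AuthorizationError("state mismatch")
    if "error" in single:  # e.g. access_denied when the user rejects the request
        raise AuthorizationError(f"authorization failed: {single['error']}")
    code = single.get("code")
    if not code:
        raise AuthorizationError("redirect carries no authorization code")
    return code
```

The returned code is then exchanged for an access token in a server-side request, so the client secret never reaches the browser.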

If at any point you have questions or need help building out an OAuth 2.0 flow, you can submit a ticket to the developer support team. We'll be happy to help.


OAuth 2.0 flow