MailUp REST API uses OAuth v2 as an authorization and authentication method to validate the access to the resources. This is our recommended option, even though a custom header authorization with API keys is also supported.
What is OAuth v2?
OAuth v2 is the latest evolution of the OAuth protocol which was originally created in late 2006. OAuth v2 provides ease of use for clients/developers while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
This specification is being developed within the IETF OAuth WG and is based on the OAuth WRAP proposal.
The main framework was published in October 2012.
The OAuth v2 Framework was published as RFC 6749, and the Bearer Token Usage as RFC 6750.
Why OAuth v2?
There are several good features that make OAuth v2 the recommended authentication and authorization method to interact with MailUp features and resources: first of all its ease of use. While other token authentication methods like this are based on complex operations on the client's side to generate valid tokens and keys - not only is it difficult to implement for external developers but also to support - OAuth v2 is fully server based.
Being OAuth v2 a framework, several authorization flows are supported; they are named "Grants" and can be listed as follows:
- Authorization code grant;
- Implicit grant;
- Resource owner password grant;
- Client credentials grant.
MailUp authorization server can support any of the OAuth v2 grant flows, however we recommend using the "Authorization code grant flow" for most integrations with MailUp that we have developed so far. In a few very special scenarios, e.g. in case of trusted internal application, other flows can be implemented. Depending on resource servers access control requirements, a content could or could not be accessible.
Obtaining your API Keys
To obtain the MailUp REST API keys that will be used in the authorization process, see the corresponding section "Authenticating with OAuth v2".