Our APIs support the OAuth2 authentication protocol. Using the OAuth2 protocol, you allow an external application to log into CustomerGauge to call one of our APIs. Contrary to traditional authentication through API keys, OAuth2 does not rely on a single API key that's shared across all kinds of applications. This gives you the big benefit of not having to back-track to every connected system to change your API key should you lose it.

Requirements: What do you need

  • Access to "Integration" -> "Connected Apps"
  • Know your Region1; this is the region in which your CustomerGauge system is hosted. You can find your region by looking at the URL when logged into CustomerGauge (https://cvm.region1.customergauge.com).

How to Authenticate

  1. Go to "Setup -> Integration -> Connected Apps"
  2. For each external system, "Create a New App"
    1. If you have multiple of the same system (for example, multiple Salesforce systems), we highly recommend you to create a separate App for each of those.
  3. Get the Client ID2 and Client Secret3 for the App you want to authenticate from.
    1. After creating a new app, press the Expand button, and obtain the Client ID and Client Secret
  4. Call the Authentication API: POST https://auth.{{region1}}.customergauge.com/oauth2/token
    This API will return you the Access Token that you'll use from here onwards to call our APIs.
    1. The Grant Type for the authentication request should be "client_credentials"

      Access Token Expiration: The Access Token stays valid for 1 hour after obtaining it, after which you'll need to obtain a new one.

cURL Example

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id={{ Client ID }}&client_secret={{ Client Secret }}" https://auth.{{ region }}.customergauge.com/oauth2/token

Make sure to replace {{ Client ID }}, {{ Client Secret }}, and {{ Region }} as applicable to your use case.

Calling APIs

To call our APIs through OAuth2 authentication, you'll need to pass the Access Token with Bearer in the Authorization header of each request.

Authorization:Bearer XXXXX

You can call any of our v4.1 APIs using this method of authentication.