The users of Webex Campaign are categorized into 2 types namely UI users and API users. In Webex Campaign, 2 different screens are provided to create these users.

UI Users: The UI (User Interface) users are created by the tenant admin or a user who has access to create other users. These users can perform actions such as creating assets, creating deployments, viewing reports, etc. Any user who is created as a UI user cannot access APIs. For more information on creating a UI user, refer to UI User.

API Users: The API users are created by the tenant admin or a user who has access to create API users. Any user who is created as an API user can only access APIs. For more information on creating an API user, refer to API User.

API Secret Key Expiry and Obtaining New Secret Key

A user created as an API user has access to those APIs that were granted access. If the user tries to access other APIs for which the access was not granted then the system will throw an error.

The API secret keys (1 and 2 ) have lifetime validity. There is no expiry for these secret keys until they are deleted. When an API secret key 1 is deleted, then the API secret key 2 will become the API secret key 1. The API secret key generated on the UI can only be used to get an access token using which all other APIs can be called.

The API secret key 2 works exactly the same as the API secret key 1 and can be used to roll over your secret keys without incurring any application downtime.

Calling APIs

There are two methods of calling Webex Campaign APIs.

Never Expiring API Secret Keys
Regularly Refreshed Short-Lived Tokens (Deprecated)

Never Expiring API Secret Keys

The secret keys generated for an API user (API secret key 1 or API secret key 2) can be used as a bearer to access all APIs to which they were provided access. If you want to change the “API secret key 1” as per your company policies, generate an “API secret key 2” using the GUI and add it to your API calling code. Until then both “API Secret Key 1” and “API secret key 2” will be valid. Once your entire code is updated from “API Secret Key 1” to “API secret key 2”, you can delete the “API secret key 1” and it will no longer be valid after 5 minutes of deletion.

Below is a snapshot of the API Users screen. To copy the API Secret Key 1, click on Show. The API Secret Key 1 is displayed. Copy the key and use it as desired.

To delete the API secret key 1, click Generate key to generate API secret key 2. The Delete icon appears for API secret keys. After the API secret key 1 is replaced with API secret key 2, delete the API secret key 1.

How to send tokens to the server with every request?

Below is a sample code provided as a reference.

OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\r\n    \"event-id\": \"evt_15675803030001\",\r\n    \"event-key\": \"[email protected]\",\r\n    \"event-params\":\r\n        {\r\n\t  \"EMAIL\": \"john\"\r\n        }\r\n}");
Request request = new Request.Builder()
  .url("https://<yourdomain>/campaignapi/resources/v3/events")
  .post(body)
  .addHeader("authorization", "Bearer ZjMxMjlhZjEtYWM3Zi00YzQ2LTgxNjEtYjNlMTBlZDk2YTI0OjkxNTMzMzVhLWJjMGItNDUwOS1hNmUxLTU3OGFhYjA4YzUwOA==")
  .addHeader("content-type", "application/json")
  .addHeader("cache-control", "no-cache")
  .addHeader("postman-token", "113098ac-3609-dd21-f402-07db3efe2c5a")
  .build();

Response response = client.newCall(request).execute();

<?php

$request = new HttpRequest();
$request->setUrl('https://<yourdomain>/campaignapi/resources/v3/events');
$request->setMethod(HTTP_METH_POST);

$request->setHeaders(array(
  'postman-token' => 'a464d0c3-ad52-5757-d557-860ea698f387',
  'cache-control' => 'no-cache',
  'content-type' => 'application/json',
  'authorization' => 'Bearer ZjMxMjlhZjEtYWM3Zi00YzQ2LTgxNjEtYjNlMTBlZDk2YTI0OjkxNTMzMzVhLWJjMGItNDUwOS1hNmUxLTU3OGFhYjA4YzUwOA=='
));

$request->setBody('{
    "event-id": "evt_15675803030001",
    "event-key": "[email protected]",
    "event-params":
        {
	  "EMAIL": "john"
        }
}');

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}

APIs hosted within Webex Campaign

Webex Campaign provides APIs for Campaign Management, Profile Management, and Client Specific APIs. The APIs can be accessed using API Secret Keys. To know more on how to access APIs refer to the Accessing APIs section.

Campaign Management APIs	Profile Management/Data Management APIs	Client Specific APIs (Additional Charges Apply)
Event triggered instant deployment API	Get profile attributes API	Get last n customer transactions API
Get SMS deployment content API	Get contact profile API
Add to opt-out list API	Delete contact profile API
Remove from opt-out list API	Create/Update contact profile API
Update voice deployment transaction status API	Bulk Create/Update contact profile API
Update SMS short link click transaction API	Get profile query status API
Notify transaction state API	Get datastore attributes API
	Get optout categories API