Access Token in Query Parameter Deprecation

Michael_Florin · ‎11-01-2024

Access Token in Query Parameter Deprecation: Support for authentication using access tokens in a query parameter of a Marketo Engage REST API call will be removed in a future release (specific date TBD). Existing integrations should migrate to usage of the Authorization header described here. New development should only use the Authorization header for authentication with Marketo Engage.

https://experienceleague.adobe.com/en/docs/marketo/using/release-notes/previous-releases/2024/releas...

This is from the Marketo Release Notes in July. The date of this change seems to be June 30th 2025.

My question now: How exactly does my webhook custom header need to look like? It works for me in Postman, as Postman seems to encode automatically to Base64, but how I do that in Marketo?

Thanks!
Michael

SanfordWhiteman · ‎11-03-2024

That doesn’t change.

View solution in original post

SanfordWhiteman · ‎11-01-2024

The access token is already header-safe. You don’t (and should not) encode it. Just add the header:

Authorization: Bearer <token here>

Touseef_Mushtaq · ‎01-20-2025

@SanfordWhiteman Requesting if you can please give the syntax for Sending Access Tokens as HTTP Header in API Calls. I mean as of now we send access token as query parameter.

SanfordWhiteman · ‎01-20-2025

Authorization: Bearer <access_token>

Michael_Florin · ‎11-03-2024

Ah, sorry, I meant the call that retrieves the bearer token. How do I replace this in the new world:

GET <Identity URL>/oauth/token?grant_type=client_credentials&client_id=<Client Id>&client_secret=<Client Secret>

SanfordWhiteman · ‎11-03-2024

That doesn’t change.

Michael_Florin · ‎11-03-2024

Oh, thank you very much, Sanford. I misread the article.