Access Token in Query Parameter Deprecation

Michael_Florin

Access Token in Query Parameter Deprecation: Support for authentication using access tokens in a query parameter of a Marketo Engage REST API call will be removed in a future release (specific date TBD). Existing integrations should migrate to usage of the Authorization header described here. New development should only use the Authorization header for authentication with Marketo Engage.

https://experienceleague.adobe.com/en/docs/marketo/using/release-notes/previous-releases/2024/releas...

This is from the Marketo Release Notes in July. The date of this change seems to be June 30th 2025.

My question now: How exactly does my webhook custom header need to look like? It works for me in Postman, as Postman seems to encode automatically to Base64, but how I do that in Marketo?

Thanks!
Michael

SanfordWhiteman

That doesn’t change.

View solution in original post

SanfordWhiteman

The access token is already header-safe. You don’t (and should not) encode it. Just add the header:

Authorization: Bearer <token here>

Michael_Florin

Ah, sorry, I meant the call that retrieves the bearer token. How do I replace this in the new world:

GET <Identity URL>/oauth/token?grant_type=client_credentials&client_id=<Client Id>&client_secret=<Client Secret>

SanfordWhiteman

That doesn’t change.

Michael_Florin

Oh, thank you very much, Sanford. I misread the article.

Access Token in Query Parameter Deprecation

Access Token in Query Parameter Deprecation

Re: Access Token in Query Parameter Deprecation

Re: Access Token in Query Parameter Deprecation

Re: Access Token in Query Parameter Deprecation

Re: Access Token in Query Parameter Deprecation

Re: Access Token in Query Parameter Deprecation