When you have your own CRM platform and would like to streamline lead information to one place, LocaliQ has two options:

There are THREE ways to connect Customer Center data to your CRM database.

API - systems exchange data using a “request and response” method; most “real-time”

Webhook - systems exchange data using a “push” method whenever a lead occurs.

Direct Integration - systems exchange data by direct integration (through Zapier®)

We have a two-step access process; authentication and authorization.

The second step involves receiving an Authorization token, which is then used to request an Access and Refresh token. There are two ways to receive an Authorization token:

Through a browser initiate the authorization with your Client ID and Client Secret tokens [Step 1 above] and your REDIRECT_URI (the redirect URI is where all API-related responses will be sent)

https://api.localiqservices.com/oauth/authorize?client_id=[CLIENT_ID]&response_type=code&redirect_uri=[REDIRECT_URI]

Please enter your business user credentials

The user (login email) being used for API authentication must be a business user in the LocaliQ platform and have access to the account(GMAID) that will be used in the API.

Upon successful authentication, you will be redirected to the REDIRECT_URI along with an Authorization token. This token expires in 10 minutes.

Please use the Authorization token to request an Access and Refresh token.

The above command returns JSON structured like this:

Another way to get the Authorization, Access and Refresh tokens today is to use the direct access approach. OAuth 2 provides a "password" grant type which can be used to exchange your business user credentials for an Access token directly. This method is easier to use for straight API integrations where user interaction isn't desired or possible.

Replace the CLIENT_ID, CLIENT_SECRET, USERNAME and PASSWORD with the correct values for your account.

Request New Access Token

Refresh tokens are long-lived. This means you must store it securely to keep it from being used by potential attackers. For this reason, it is not safe to store them in the browser. If a Refresh token is leaked, it may be used to obtain new Access tokens (and access protected resources) until it is blacklisted. Access tokens must also be kept secret, but due to its shorter life, security considerations are less critical.

The email address used to obtain the OAuth Access token must be associated with the account(GMAID) of the requested advertiser. If it is not, the API will return an HTTP response with status code 403 and the following body:

{ "name": "not_authorized", "message": "You are not permitted to perform this action." }

The user (login email) being used for API authentication must be a business user in the LocaliQ platform and have access to the account(GMAID) that will be used in the API. Business User credentials are provided by your account team during account creation. These credentials allow you to access the account data through the APIs as well as the Customer Center. If you need to check if you have a Business User created or need to reset your password, you can navigate to ReachSecurePay (https://reachsecurepay.com/client/index.php) and enter your email address. If you encounter the error message “Email Address is invalid” or “Email Address not found”, please contact your account management team. If you progress to the login screen, you can select “Create a new password” which will either send you a password reset email or allow you to set your password manually (this will only occur if your password has never been set).

The business user must have an “Agency Customer” role to use the lead APIs. If the API response has PII and the advertiser falls under the HIPAA category, the API will check for this role to provide PII information in the response. Please reach your account team to check and/or edit privileges on your business user. Please follow the needed due diligence when adding HIPAA privileges to your business user account since the implications of it are far beyond API access to data. This control applies to APIs that provide data that are classified as HIPAA and protected by law.

LocaliQ enforces API rate limits for its REST APIs. Rate limit configuration consists of a per-second request limit. Limits are set to 20 requests/second.

If you exceed the rate limit allowance, your request will be rejected. A HTTP 429 (Too Many Requests)​ response will be returned. Clients must back off until the end of the current rate limit window before making any more requests.

Example response body for throttled request:

{ "message": "Too Many Requests" }

We reserve the right to alter rate limits and other functionality to prevent abuse, spam, denial-of-service attacks, or other security issues. Where possible, we'll return a descriptive error message, but the nature of this type of rate limiting often prevents us from providing more information.

Example Response

Invalid grant error messages occurs when either:

To resolve this check your username and password for accuracy, then follow steps at Requesting Access and Refresh Tokens to request a new refresh token.

Example Response

Unauthorized messages can occur when a request for a report endpoint is made using an expired token. To resolve this, follow steps at Requesting Access and Refresh Tokens

Example Response

The business user must be set up to allow access to HIPAA information to access HIPAA data through the API. You can reach your account team to check and/or edit privileges on your business user. Please follow the needed due diligence when adding HIPAA privileges to your business user account since the implications of it are far beyond API access to data. This control applies to APIs that provide data that are classified as HIPAA and protected by law. The business user must have "Agency Customer" role to use the lead APIs. If the API response has PII and the advertiser falls under the HIPAA category, the API will check for this role to provide PII information in the response.