Authentication

Once you get an API key, you can start making requests to the SymphonyOS APIs.

All requests to the Ads API must include the following headers for authentication and security:

x-api-key

x-api-key: <your_symphonyos_api_key>

This is enough to start making most calls to the API.

x-brand-id

If you intend to provide the API to your users directly, it is recommended to also send an x-brand-id header alongside your requests. The x-brand-id should reference your user's unique ID on your platform.

x-brand-id: <your_unique_user_identifier>

For example, you can pass the x-brand-id when creating a campaign to specify which user created the advertising campaign. From there, making a call to list all campaigns with the x-brand-id header returns only that user's campaigns.

If your integration involves multiple users, each user will have their own brand associated with your partner account. In this case, you must also include the x-brand-id header in every request to specify which user's brand is being accessed.

For all advertising-related flows, it is essential to identify the brand being used, whether it is the default brand or one explicitly specified via the header. The brand must be connected to a Facebook account with permissions for the ad account and the pages used in the campaigns.

Considerations

When working with the x-brand-id is important to understand that you can send any value, but the brand that value represents needs to be created first, the only two ways to create a brand given any x-brand-id value you want are

• Login the user with Facebook
• Calling the meta connect brand endpoint

Symphony will automaticaly create a brand once you go through one of these flows, then you can use the x-brand-id in every request.

Security

To ensure the security of our API:

• All requests must be made over HTTPS.
• JWT tokens and API keys must be kept confidential.
• We regularly audit and update our security protocols to protect data integrity and privacy.