Skip to main content

Authorization

Follow this guide to create a new Bombora credential that will allow Nexla to authenticate to and exchange data with your Bombora account.
bombora_api_auth.png

Bombora

Prerequisites

The Bombora APIs use the OAuth 2.0 client credentials grant for server-to-server authentication. A Nexla credential exchanges a Client ID and Client Secret at the Bombora token endpoint to obtain a short-lived bearer access token, which Nexla then sends in the Authorization header on every subsequent API call.

Client credentials are issued by Bombora to API customers through the Bombora Developer Portal. Before creating a credential in Nexla, complete the following steps.

Obtain API Access from Bombora

API access to the Bombora platform is provisioned by Bombora as part of the customer onboarding process. The customer-facing portal at https://developer.bombora.com/ hosts the API reference for the Authentication API, Account List API, Digital Audience Builder (DAB) API, Intent API, Reference API, and Webhooks API.

  1. Sign in to the Bombora Developer Portal using the account credentials provided by your Bombora account team. If your organization does not yet have access, contact your Bombora account representative to request API access.

  2. Confirm with your Bombora account team which APIs your subscription is entitled to use (for example, Account List, Digital Audiences, Intent, or Webhooks). Endpoints outside of your entitlement return authorization errors even when the access token is valid.

Retrieve Your Client ID and Client Secret

OAuth 2.0 client credentials (a Client ID and a Client Secret) are issued by Bombora and are used to obtain bearer access tokens for the Bombora APIs.

  1. Sign in to the Bombora Developer Portal, and locate the credentials issued for your organization. If credentials have not yet been issued, request them from your Bombora account representative.

  2. Record the Client ID value. This identifier is sent on every token request to Bombora and is paired with the Client Secret to authenticate your application.

  3. Record the Client Secret value, and store it in a secure secret manager. The Client Secret functions as a password for the API client — anyone in possession of the secret can request access tokens against your Bombora account.

    For the full Authentication API contract, see the Bombora Authentication API documentation and the token endpoint reference.

Confirm the Token Endpoint URL

The Bombora token endpoint exchanges client credentials for an OAuth 2.0 bearer access token. The default Bombora token URL is https://api.bombora.com/oauth/token, and this value is pre-populated in the Nexla credential overlay.

  • Keep the default token URL unless your Bombora account team has provided a different URL for your environment. In that case, replace the default value with the URL provided by Bombora.
Important

The Client Secret grants programmatic access to your Bombora account. Store it in a secure secret manager, never commit it to source control, and rotate it immediately if you suspect that it has been exposed.

Create a Bombora Credential

  • To create a new Bombora credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

OAuth 2.0 Client Credentials

Bombora uses the OAuth 2.0 client credentials grant for server-to-server authentication. Nexla automatically requests a bearer access token from the Bombora token endpoint using the values configured below and applies the token to every API call.

  1. Enter the Client ID issued by Bombora in the Client ID field. This identifier is sent on every token request to Bombora.

  2. Enter the Client Secret issued by Bombora in the Client Secret field. This value is treated as a secret and is stored encrypted in Nexla.

  3. Confirm the URL of the Bombora token endpoint in the Token URL field. The default value https://api.bombora.com/oauth/token applies to standard Bombora accounts; replace it only if your Bombora account team has provided a different URL for your environment.

    Nexla validates the credential by calling a low-impact reference endpoint (https://api.bombora.com/reference/v1/demographic/b2b-personas) with the issued access token. A successful validation confirms that the Client ID, Client Secret, and Token URL values are correct and that the resulting token has access to the Bombora APIs.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.