- Docs>
- Business Authentication>
- Concepts
Business Authentication
Concepts
This document introduces the Business Authentication.
Overview
Business Authentication is an Oauth 2.0-based authentication service that allows secure operation of Kakao Business assets.
By implementing Business Authentication, services can obtain only the necessary Authorization to operate business assets and securely and easily access Kakao Business APIs such as Kakao Moment and Keyword Ad.
Implementation guide
To provide Business Authentication in a service, the following procedures must be completed. Refer to the detailed instructions each item.
- Application configuration
- Switch to a Biz App
- Register Business redirect URI
- Obtain the required permissions for the Business assets by Request permission.
Business Authentication process
The Business Authentication process is explained below. Refer to the sequence diagram and the step-by-step explanation.
- When a user requests Business Authentication, the service specifies the required Business consent items and requests the Get business authorization code API.
- The Business consent screen with the specified consent items is displayed to the user.
- If the user agrees to the consent screen, the Kakao API platform sends the business authorization code to the service via the Business redirect URI.
- The service requests the Get business token API with the authorization code to issue a Business token.
- The service uses the issued business token to operate the Business assets.
Business assets
Assets provided by Kakao for users to use in their business activities. Representative examples of business assets include Ad accounts.
For a service to operate a user's business assets, it must obtain Authorization for access to each asset's information and functions through the Business consent items.
Authorization
The process where the Kakao API platform asks the user for consent on the Business consent screen to provide access to the business assets requested by the service.
The service can request authorization by including the required Business consent items in the Get business authorization code API request. If the user agrees, the service receives an authorization code, which can be used to issue a Business token.
Note: Business consent screen
Business consent items
Items corresponding to the access permissions for the information and functions of Business assets. Services use business consent items to request Authorization from users.
Consent level
Settings that control how business consent items are requested from users for Authorization. Business Authentication supports only the required consent level, which requires users to agree to the consent screen.
Personal information
A list of Business consent items that the service must configure in the app and obtain user authorization for in order to receive personal information through Business Authentication. For instructions on setting up personal information consent items in the app, refer to Prerequisites.
| Name (ID) | Description | Related API |
|---|---|---|
| Email ( biz_account_email) |
Kakao account's primary email Kakao account (email) information for identifying the Business Authentication user Note: Provided after configuring the business consent items in the app and obtaining user Authorization |
Get business user information |
Kakao Moment
A list of Business consent items that must be authorized to call the Kakao Moment API through Business Authentication.
| Name (ID) | Description | Related API |
|---|---|---|
| Create Kakao Moment ad account ( moment_create) |
Permission to call the API to create Kakao Moment ad accounts Note: Authorization can only be requested for all of the user's Kakao Moment ad accounts |
Create ad account |
| Run Kakao Moment ad accounts ( moment_management) |
Permission to call APIs related to managing Kakao Moment ad accounts | Kakao Moment API Note: Excludes moment_create and moment_delete related APIs |
| Delete Kakao Moment ad account settings ( moment_delete) |
Permission to call APIs related to deleting Kakao Moment ad account settings Note: Only settings can be deleted, ad accounts cannot be deleted |
Kakao Moment API for any API with the DELETE method |
Keyword Ad
A list of Business consent items that must be authorized to call the Keyword Ad API through Business Authentication.
| Name (ID) | Description | Related API |
|---|---|---|
| Create Keyword Ad account ( keyword_create) |
Permission to call the API to create Keyword Ad accounts Note: Authorization can only be requested for all of the user's Keyword Ad accounts |
Create ad account |
| Run Keyword Ad accounts ( keyword_management) |
Permission to call APIs related to managing Keyword Ad accounts | Keyword Ad API Note: Excludes keyword_create and keyword_delete related APIs |
| Delete Keyword Ad account settings ( keyword_delete) |
Permission to call APIs related to deleting Keyword Ad account settings Note: Only settings can be deleted, ad accounts cannot be deleted |
Keyword Ad API for any API with the DELETE method |
Business token
An access token for Business Authentication that proves a service has access permission to the Business assets information and functions.
The service uses the business token to call the Kakao Business APIs and operate business assets. Below are the details of business tokens, which differ from regular tokens.
- Issuance
- The business token is newly issued each time when requesting the Get business token API.
- Retrieval
- The permissions granted to the business token can be retrieve through the Retrieve business token information API.
- Permissions for each business token, identified by the business token ID and the Business Authentication user ID, can be viewed in [My Applications] > [Business Authentication] > [Business tokens].
- Expiration
- Automatically expires after long periods of inactivity.
- Revocation
- Can be revoked using the Revoke business token API.
Usage policy
Request permission
To use Business Authentication, services must meet the following conditions.
- Kakao Moment: Possible to use after requesting and receiving approval for Request for app permissions through [Kakao Moment] review.
- Keyword Ad: Available after converting the Kakao Developers app to a Biz App.
Features
| Feature | Description | Documentation |
|---|---|---|
| Get business authorization code | Requests a business authorization code through a business consent screen with user consent. | REST API |
| Get business token | Requests a business token with the obtained authorization code. | REST API |
| Retrieve business token information | Verifies the validity and checks its information. | REST API |
| Retrieve business user information | Retrieves information for users who have completed business authentication. | REST API |
| Revoke business token | Revokes issued business token. | REST API |