How to Get Your Snapchat Ads API Key
May 29, 2026
Snapchat doesn't issue a static "API key." Access requires OAuth 2.0 credentials — client ID, client secret, access tokens, and refresh tokens — generated through Snapchat Business Manager. There are no developer-token tiers, no Trial → Standard model, no demo-video approval process, and no allow-listing. The Snapchat Marketing API has been open to all advertisers, agencies, and developers since February 2018, which makes it the most permissive of the major paid-social APIs to get production access to in 2026.
That stands in sharp contrast to its closest peers. Pinterest gates production write access behind a Trial → Standard tier model with a required demo video. Reddit gates full Ads API access behind informal allow-list approval that depends on advertiser status or partner relationships. Meta requires app review for most production permissions. Snapchat requires none of that — register your OAuth app, request the scopes you need, and start calling endpoints.
This guide covers the 2026 process: creating your OAuth app in Snapchat Business Manager, requesting the right scopes (campaign management, conversions, or both), running the OAuth flow, and the Snapchat-specific gotchas in the auth model.
Key takeaways
- The Snapchat Marketing API uses OAuth 2.0 only — no API keys, no basic auth. Endpoints live under
/v1/(no version branding beyond the URL path). - No tier model, no approval gate. Open to everyone since 2018. This is the single biggest differentiator vs Pinterest and Reddit.
- App registration happens in Snapchat Business Manager (
business.snapchat.com) → Business Details → OAuth Apps, notkit.snapchat.com(which is Snap Kit for consumer login). - Three exact OAuth scopes serve different purposes:
snapchat-marketing-api(campaign management),snapchat-offline-conversions-api(Conversions API),snapchat-profile-api(public profile reads). - The Conversions API uses the same OAuth flow — unlike Pinterest's separate CAPI token. One OAuth credential system, scope-gated.
- Refresh tokens don't expire and don't rotate. The same refresh token persists indefinitely unless the user revokes access — different from Reddit's rotation behavior.
- Dual-level rate limits: 20 requests/second per app, 10 requests/second per access token.
- Snapchat's term for "ad group" is "Ad Squad." It's still the current terminology.
Before you start
You'll need:
- Organization Admin access in Snapchat Business Manager (required to access the OAuth Apps section)
- An understanding of which scopes your integration needs — campaign management, conversions tracking, or both
- A redirect URI for OAuth callbacks
- For multi-tenant SaaS: a backend that stores per-tenant access tokens and refresh tokens, plus the
organization_idandad_account_idvalues discovered during onboarding
Organization Admin is the gating role. If you don't have it, you'll need an existing Admin in your Snapchat organization to either grant you the role or create the OAuth app on your behalf.
Step-by-step: creating Snapchat Marketing API credentials in 2026
1. Create your OAuth app
Sign in to Snapchat Business Manager at business.snapchat.com with an Organization Admin account. Navigate to Business Details → OAuth Apps. Accept the Snap Developer Terms and Snap Business Tools Terms if prompted.
Click to create a new app. Provide:
- App name — descriptive, includes your integration purpose
- Redirect URI — your OAuth callback URL (e.g.,
https://your-app.com/oauth/callback)
After creating, Snapchat displays:
client_id— your application identifier (persistent)client_secret— shown only once, must be saved immediately
Store both credentials securely. The client secret cannot be retrieved later — if you lose it, you'll need to regenerate, which invalidates the previous secret.
2. Build the authorization URL
Direct users to Snapchat's authorization endpoint:
https://accounts.snapchat.com/login/oauth2/authorize
?client_id={YOUR_CLIENT_ID}
&redirect_uri={YOUR_REDIRECT_URI}
&response_type=code
&scope=snapchat-marketing-api snapchat-offline-conversions-api
&state={CSRF_TOKEN}
Scopes are space-separated, not comma-separated like Reddit. The three valid scopes:
snapchat-marketing-api— read/write campaign management (Organizations, Ad Accounts, Campaigns, Ad Squads, Ads, Creatives, reporting)snapchat-offline-conversions-api— read/write Conversions API for server-side event trackingsnapchat-profile-api— read access to Snapchat Public Profile APIs
Request only the scopes you need. Most full integrations request the first two.
The user signs in, sees the consent screen describing what your app is requesting, and clicks Allow. Snapchat redirects to your redirect_uri with ?code={AUTH_CODE}&state={CSRF_TOKEN}.
3. Exchange the authorization code for tokens
POST to Snapchat's token endpoint:
POST https://accounts.snapchat.com/login/oauth2/access_token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&client_id={YOUR_CLIENT_ID}
&client_secret={YOUR_CLIENT_SECRET}
&code={AUTH_CODE}
&redirect_uri={YOUR_REDIRECT_URI}
The response includes a short-lived access token (3600 seconds / 60 minutes) and a long-lived refresh token that doesn't expire.
4. Make authenticated API calls
Include the access token in the Authorization header on every request to https://adsapi.snapchat.com/v1/...:
GET https://adsapi.snapchat.com/v1/me/organizations
GET https://adsapi.snapchat.com/v1/organizations/{organization_id}/adaccounts
GET https://adsapi.snapchat.com/v1/adaccounts/{ad_account_id}/campaigns
GET https://adsapi.snapchat.com/v1/campaigns/{campaign_id}/adsquads
The hierarchy is Organization → Ad Account → Campaign → Ad Squad → Ad. The organization_id and ad_account_id values are what you'll need to discover during onboarding and store per-tenant.
5. Refresh tokens when they expire
When access tokens hit their 60-minute expiry, you'll receive a 401 with WWW-Authenticate: Bearer error="invalid_token". Refresh by POSTing to the same token endpoint:
POST https://accounts.snapchat.com/login/oauth2/access_token
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token
&client_id={YOUR_CLIENT_ID}
&client_secret={YOUR_CLIENT_SECRET}
&refresh_token={REFRESH_TOKEN}
The response returns a new access token. The same refresh token is returned — Snapchat doesn't rotate refresh tokens on refresh. Persist the new access token; the refresh token stays the same.
The gotcha: Snapchat's auth model has its own quirks
Don't confuse Snapchat Business Manager with Snap Kit. business.snapchat.com is where Marketing API OAuth apps are registered. kit.snapchat.com is Snap Kit — a different product entirely for consumer-facing Snap login, Bitmoji integration, and Creative Kit for posting to personal Stories. The two share Snap branding but are unrelated for ads work.
Organization Admin is required to create OAuth apps. This isn't just a "recommended" role — Business Manager gates app creation behind it. If your integration project lead isn't an Organization Admin, that needs to be resolved before you start, not during.
Refresh tokens don't expire — but they do break. Snapchat's refresh tokens have no documented expiration and don't rotate on each refresh. However, they stop working if the user's access is revoked, the user is removed from the organization, or the client secret is regenerated. Repeated refresh failures (401 / invalid_grant) usually mean re-authorization is needed, not a transient issue.
Rate limits are concrete and dual-level. 20 requests/second per app across all tokens combined; 10 requests/second per individual access token. Exceeding either triggers 429 Too Many Requests. For multi-tenant SaaS, the app-level limit is what constrains you across all customers — design your worker pacing accordingly.
The Conversions API is the same OAuth — but scope matters. Unlike Pinterest (which generates a separate CAPI token in Ads Manager) or Reddit (which has separate Ads API and Data API surfaces), Snapchat's Conversions API uses the same OAuth credentials with a different scope (snapchat-offline-conversions-api). If your integration needs both campaign management and conversion tracking, request both scopes in the initial authorization. Adding a scope later requires re-authorization.
Creative upload IS supported via the Marketing API. The full programmatic creative-upload surface (media files, video creatives, image creatives, association with ads) is part of the Marketing API. If you read elsewhere that Snapchat creative is read-only, that's typically a third-party integration scoping decision, not a Snap API limitation. The endpoints for video_media_id, image_media_id, and Creative object creation are documented at developers.snap.com/api/marketing-api. A 2026 case study reported batch API uploads cutting creative variation upload time from 2–3 hours manually to 15 minutes via API — a real efficiency case when you need it.
Security and credential handling
Store the client secret in a proper secret manager. It's shown only once. AWS Secrets Manager, Azure Key Vault, GCP Secret Manager. If you lose it, you'll need to regenerate it through Snapchat Business Manager — which invalidates any tokens issued against the previous secret.
Refresh proactively. Refresh access tokens at the 55-minute mark with retry logic and exponential backoff on failures. Don't wait until you hit 401 errors mid-request.
Handle re-authorization gracefully. Because refresh tokens can break when access is revoked or the user is removed from the organization, design your SaaS UX to detect repeated refresh failures and prompt the customer to reconnect. Don't retry indefinitely against an invalidated refresh token.
Audit Organization membership periodically. Tokens are tied to user access via the Organization. If a customer's authorizing user leaves their organization, the integration's tokens stop working. For long-running SaaS, consider periodic health checks against tokens to catch silent breakage early.
Rate limit defensively at the app level. With 20 req/s as the app-wide ceiling, multi-tenant integrations need queue-based pacing across all customer tokens combined, not just per-token throttling. One customer running a heavy batch shouldn't starve the others.
Is there an API-key alternative?
No. The Snapchat Marketing API requires OAuth 2.0 with user-delegated access. There are no static API keys, no service-principal flows, and no shared application tokens. Every API call resolves against a specific user's authorization to a specific Organization and the Ad Accounts that Organization owns.
Frequently asked questions
Why is Snapchat's Marketing API so much easier to access than Pinterest's or Reddit's? Different platform strategies. Snapchat opened the API to all advertisers and developers in February 2018 and hasn't reintroduced gating since. Pinterest uses a Trial → Standard tier model with demo-video approval for production writes. Reddit gates full Ads API access through informal allow-list approval. Each platform's API access policy reflects how they're trying to grow their ads business and what level of developer ecosystem they want to maintain.
Is "Ad Squad" really still the term? Yes. Snapchat's term for what other platforms call "ad sets" or "ad groups" is still "Ad Squad" in 2026, with API endpoints like /v1/adsquads/{ad_squad_id}/. An Ad Squad is owned by a Campaign and contains one or more Ads.
Do I need a separate credential for the Conversions API like with Pinterest? No. Snapchat's Conversions API uses the same OAuth credentials with a different scope (snapchat-offline-conversions-api). Authenticate once with both scopes if your integration needs campaign management and conversion tracking — no separate token generation flow.
What happens when a refresh token breaks? Snapchat's refresh tokens don't expire but they do stop working when the user's access is revoked, the user is removed from the Organization, or the client secret is regenerated. Repeated 401 / invalid_grant errors during refresh mean re-authorization is needed — prompt the customer to reconnect rather than retrying indefinitely.
Are there any 2026-specific changes I should know about? No major version migrations, no scope renames, no breaking changes. The Snapchat Marketing API has been remarkably stable since its 2018 public launch — same v1 endpoints, same OAuth pattern, same three scopes. This stability is a real advantage for long-running integrations compared to platforms where breaking changes are more frequent.
Where Unified fits
Unified.to provides a single API across Snapchat, Pinterest Ads, Reddit Ads, Meta Ads, LinkedIn Ads, TikTok Ads, Google Ads, Microsoft Advertising, Amazon Advertising, Google Campaign Manager 360, Google Display & Video 360, and 4 other advertising integrations — 15 in total — covering campaigns, ad squads / ad groups, ads, creatives, targeting, and reporting through a normalized data model.
For Snapchat specifically, Unified handles the OAuth flow, scope routing, token refresh, and the Organization / Ad Account / Campaign / Ad Squad / Ad hierarchy behind a single authorization step. Real Snapchat objects map to Unified's normalized models: ads_organization (list/get), ads_campaign, ads_group (Snapchat's Ad Squad), and ads_ad with full CRUD, ads_creative for reading creatives associated with campaigns, plus ads_report and ads_target for reporting and targeting. Programmatic creative uploads — Snapchat supports the full media-upload surface for video and image creatives — are available through pass-through access, where the full vendor API is reachable through Unified's authorized connection.
If you're evaluating whether to build Snapchat integration directly or use a unified API, the question is less about Snapchat's auth difficulty (which is genuinely lower than most ad platforms) and more about whether building parallel integrations for all the ad platforms your customers use — each with different OAuth quirks, different rate limits, different access models — is something your team should own, or something to abstract behind a single connection.