This article provides information needed to begin using the Tealium v2 API. The previous v1 API is still available, but will eventually be deprecated.

In this article:

Table of Contents Placeholder

Root URL

Each API has its own endpoint and supported parameters. The root URL for all API requests is:

An API endpoint is documented with a specific HTTP method and path, for example:

GET /revisions

Some endpoints show placeholder variables ( {variable}) to indicate values that you supply. Most endpoints require the name of the your iQ Tag Management (TiQ) account and profile in the path of the call.

Example API endpoint path for TiQ revisions:{account}/{profile}/revisions

Request and Response Format

The API supports JavaScript Object Notation (JSON). API requests that use JSON require the following header setting:

Content-Type: application/json

Most responses are in JSON format. Documentation for each endpoint contains example cURL calls and responses.


A JSON Web Token (JWT) referred to as a bearer token, is required for authentication. The bearer token is generated by the Tealium API key and is to be used for all subsequent API calls. It is valid for 30 minutes.

Do not generate a new bearer token for every call. Use the token until it expires. Failure to use the token in this manner will result in auth call throttling at Tealium's discretion.

Learn more about Managing and Generating API Keys.

POST /v2/auth

cURL Request

The following cURL request shows the variables required for the API key exchange for a JWT token. The URL, username, and API key are encoded.

curl -X POST \ \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username={email}' \
--data-urlencode 'key={api_key}'

Example Request

curl -X POST \ \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode '' \
--data-urlencode 'key=7O4Pjn8tuc0%5B3Nc2)%7DyXJW8EaCuDRA1U8Jn%23p)qc*O94(*ubIeEUz%25%5D%242~)WKlLB'

Example Response

* Trying
* Connected to ( port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> POST /v2/auth HTTP/1.1
> Host:
> User-Agent: curl/7.43.0
> Accept: */*
> cache-control: no-cache
> content-type: application/x-www-form-urlencoded
> Content-Length: 127
* upload completely sent off: 127 out of 127 bytes
< HTTP/1.1 200 OK
< Date: Wed, 14 Feb 2018 19:04:22 GMT
< Content-Type: application/json
< Content-Length: 893
< Connection: keep-alive
< Cache-Control: no-cache,no-store,must-revalidate
< Pragma: no-cache
< Expires: 0
< X-XSS-Protection: 1;mode=block
< X-NodeId: i-0afb3e9b53ba15930
< X-Version: 1.0.130-SNAPSHOT
< Set-Cookie: rememberMe=deleteMe; Path=/urest_service; Max-Age=0; Expires=Tue, 13-Feb-2018 19:10:41 GMT
* Connection #0 to host left intact