How to create an account and log in
Intro
Create Omnisend accounts for your merchants and log them in — all via API. This guide walks through the partner integration flow: obtaining an access token, creating an account, and establishing a login session.
See API reference: Accounts
Prerequisites
- OAuth client credentials (
client_idandclient_secret) — contact Omnisend to obtain partner credentials - Your platform must be registered as an Omnisend partner
Step 1: Get an access token
Request an access token using the OAuth 2.0 client credentials grant. Include the scopes you need for the operations you plan to perform.
curl --request POST \
--url 'https://app.omnisend.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=YOUR_CLIENT_ID' \
--data-urlencode 'client_secret=YOUR_CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=accounts.write sessions.write'Response:
{
"access_token": "YOUR_ACCESS_TOKEN",
"expires_in": 7200,
"token_type": "Bearer",
"scope": "accounts.write sessions.write"
}Note: The access token expires after 2 hours (
expires_in: 7200seconds). Request a new token when the current one expires.
Available scopes
| Scope | Use |
|---|---|
| accounts.write | Create accounts (Step 2) |
| brands.write | Update brand info (Step 5) |
| sessions.write | Create login tokens / sessions (Steps 3–4) |
Step 2: Create an account
Create a new Omnisend account with business details, a primary user, and an address. Save the returned accountID, brandID, and userID — you will need them to log the user in.
curl --request POST \
--url https://api.omnisend.com/api/accounts \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
--header 'Content-Type: application/json' \
--data '{
"name": "My Store",
"website": "https://www.mystore.com",
"timezone": "Europe/Vilnius",
"currency": "EUR",
"language": "en",
"user": {
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith"
},
"address": {
"countryCode": "US",
"stateCode": "CA",
"city": "San Francisco",
"address": "123 Market St.",
"postCode": "94105"
}
}'Response (201 Created):
{
"accountID": "60a6170920d91c215e949b5a",
"brandID": "60a6170920d91c215e949b5c",
"userID": "60a6170920d91c215e949b5d"
}Warning: If
countryCodeisUS, thestateCodefield is required. Omitting it returns a400validation error.
Field validations
| Field | Format |
|---|---|
| website | Valid URL |
| timezone | IANA Time Zone (e.g. Europe/Vilnius) |
| currency | ISO 4217 (e.g. EUR, USD) |
| language | BCP 47 subtag (e.g. en, de) |
| address.countryCode | ISO 3166-1 alpha-2 (e.g. US, LT) |
| address.stateCode | 2 letters, required if countryCode is US |
Step 3: Create a login token
From your backend, request a one-time login token using the brandID and userID from account creation:
curl --request POST \
--url https://api.omnisend.com/api/sessions/token \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
--header 'Content-Type: application/json' \
--data '{
"brandID": "60a6170920d91c215e949b5c",
"userID": "60a6170920d91c215e949b5d"
}'Response:
{
"token": "ONE_TIME_LOGIN_TOKEN"
}Note: The login token is single-use. Generate a new token each time you want to log the user in.
Step 4: Log the user in
From your frontend, POST the login token to the sessions endpoint. This must happen in the user's browser so that session cookies are properly set.
Submit a form POST (or use JavaScript to submit a form) to https://api.omnisend.com/api/sessions:
<form method="POST" action="https://api.omnisend.com/api/sessions">
<input type="hidden" name="token" value="ONE_TIME_LOGIN_TOKEN" />
<input type="hidden" name="returnUrl" value="https://app.omnisend.com/" />
<button type="submit">Open Omnisend</button>
</form>On success, the user is redirected to Omnisend with active session cookies.
| Parameter | Required | Description |
|---|---|---|
| token | Yes | One-time login token from Step 3 |
| returnUrl | No | Redirect URL after login. Must start with https://app.omnisend.com/ |
Note: The
True-Client-IPheader with the end user's IP address and a validUser-Agentheader are required. Most browsers and HTTP clients setUser-Agentautomatically.
Step 5: Update brand information (optional)
After account creation, you can update the brand's name, website, timezone, or address. Obtain an access token with the brands.write scope, then send a PATCH request with only the fields you want to change:
curl --request PATCH \
--url https://api.omnisend.com/api/brands/current \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
--header 'Content-Type: application/json' \
--data '{
"name": "Updated Store Name",
"timezone": "America/New_York"
}'Response: 204 No Content
Complete flow summary
- Get access token →
POST https://app.omnisend.com/oauth2/token(client credentials) - Create account →
POST https://api.omnisend.com/api/accounts(savebrandID,userID) - Create login token →
POST https://api.omnisend.com/api/sessions/token(from backend) - Log user in →
POST https://api.omnisend.com/api/sessions(from browser) - Update brand (optional) →
PATCH https://api.omnisend.com/api/brands/current
Updated 8 days ago