Hi Shivam,
1. Do we need REST API authentication or OAuth-based authentication?
Marketo Engage uses OAuth 2.0 Client Credentials flow for REST API authentication.
Authentication is performed using: (Client ID, Client Secret, REST API Endpoint, Identity (OAuth) Endpoint)
The external application (e.g., Reo.Dev) requests an access token from Marketo’s Identity endpoint.
This access token is then used in all REST API calls via the Authorization: Bearer <token> header.
You do not use basic auth or user/password authentication.
You must use OAuth 2.0 via Marketo REST APIs.
2. Do we need to publish a public app?
No, publishing a public app is not required.Marketo integrations are typically created as Custom Services within the Marketo Admin panel.The integration is private to the Marketo subscription.The external tool authenticates using credentials generated in Marketo.There is no marketplace or public app approval process involved.
You only need to create a Custom Service in Marketo Admin. No public app publishing is required.
3. Permission Required to fetch list of all campaigns?
APIs commonly used:(Programs API, Smart Campaign API, Folder/Asset APIs)
Permissions to Send Contacts to Campaigns?
(Read-Write Lead permissions, Read-Write Campaign permissions (for Smart Campaign membership), Read-Write List permissions (if using Static Lists))
4. test environment or dummy credentials?
You can test end-to-end flows using a Marketo Sandbox subscription with its own API credentials.
Hope this helps
Thanks,
Bala
