Skip to content

Introduction to ImmoScout24 API Authentication

ImmoScout24 uses OAuth 1.0a to provide authorized access to its APIs. For more detailed information about OAuth, please refer to the OAuth 1.0a core document.

We highly recommend that you use a library to implement the authentication. Please refer to the official list of OAuth 1.0a libraries.

For authentication purposes, your application (in OAuth known as Consumer1 ) uses:

  • a consumer key that acts as a unique identifier for your application and
  • a consumer secret that is used as a password for your application.

If you haven't done so yet, please generate your consumer key and consumer secret.

Authentication Process

The ImmoScout24 API expects each API call to go through the authentication process and distinguishes between two types:

  • Two-legged OAuth is a form of authentication where an application makes API requests without a user context. It requires a consumer key and consumer secret only to sign the request and to authenticate your application. This applies, for instance, to the search resource where an application performs GET requests to our search result list. For more details on how to do two-legged OAuth, please proceed to this section.

  • Three-legged OAuth is a form of authentication where an application is granted permission by a user to act on behalf of that user2. This requires both a consumer key, consumer secret, and an access token. The access token represents the explicit permission of the ImmoScout24 user for your application to access his/her resources. For more details on how to do three-legged OAuth, please proceed to this section.

  1. Consumer is a 3rd party application which acts on behalf of a user. In these docs we will be referring to the Consumer as your application

  2. User is an ImmobilienScout24 user who uses the 3rd party application (Consumer) and is identified by a username or an SSO ID