Introduction to ImmobilienScout24 API Authentication Model

ImmobilienScout24 uses OAuth 1.0a to provide authorized access to its APIs. For more detailed information about OAuth, have a look at the Beginner's Guide to OAuth 1.0a. In addition, have a loot at a list of OAuth 1.0a libraries.

For authentication purposes, a System (in OAuth known as Consumer1 ) uses:

  • a system key that acts as a unique identifier for the system and
  • a system secret that is used as a password for the system.

If you haven't done so yet, please generate your system key and system secret.

Authentication Process

The ImmobilienScout24 API expects each API call to go through the authentication process and distinguishes between two types:

  • Two-legged OAuth is a form of authentication where an application makes API requests without a user context. It requires a system key and system secret only to sign the request and to authenticate the system. This applies, for instance, to the search resource where an application performs GET requests to our search result list. For more details on how to do two-legged OAuth, please proceed to this section.

  • Three-legged OAuth is a form of authentication where a system is granted permission by a user to act on behalf of that user2. This requires both a system key, system secret, and an access token. The access token represents the explicit permission of the ImmobilienScout24 user for the system to access his/her resources. For more details on how to do three-legged OAuth, please proceed to this section.


  1. Consumer is a 3rd party application which acts on behalf of a user. In these docs we will be referring to the Consumer as System

  2. User is an ImmobilienScout24 user who uses the 3rd party application (Consumer) and is identified by a username or an SSO ID