
Introduction

Our API utilizes the OAuth 2.0 authorization framework to ensure secure and standardized access to resources. This means that all requests to the API must be authenticated.
OAuth 2.0 is an industry-standard protocol for authorization. It allows third-party applications to access web resources on behalf of a user without exposing their credentials.
Understanding how to authenticate is crucial for successfully integrating with our platform. We offer different authentication methods depending on your integration needs.

Authentication Methods

Depending on how you intend to integrate with our API, you can choose one of the following authentication methods:
If you are developing a software system or application that will access our API on behalf of end-users (e.g., a plugin, an external service), your application will act as an OAuth 2.0 client.
In this scenario:
  1. Your application will initiate an OAuth 2.0 authorization flow.
  2. The end-user will be redirected to our authorization server to grant your application permission to access their data.
  3. Upon successful authorization, your application will receive an access token.
  4. This access token must be included in the Authorization header of all API requests made on behalf of that user, typically as a Bearer token.
Authorization: Bearer <YOUR_ACCESS_TOKEN>
This flow ensures that users have explicit control over what data your application can access and that their credentials are never shared directly with your application.
If you are integrating your own internal system or service directly with our API, where there isn’t an end-user authorizing access in real-time, you can use a Personal Access Token (PAT).
A Personal Access Token is a long-lived token that you can generate for your own account or system. It grants access to the API as if it were you.
Key characteristics of PATs:
  • Simplicity: Easier to implement for server-to-server integrations.
  • Security: Treat PATs like passwords; keep them confidential and store them securely.
  • Scope: PATs are typically scoped to your user account’s permissions.
PATs should also be included in the Authorization header of your API requests as a Bearer token:
Authorization: Bearer <YOUR_PERSONAL_ACCESS_TOKEN>

Obtaining API Tokens

To begin integrating with our API, you will need to obtain the necessary credentials (client IDs, client secrets for OAuth clients, or Personal Access Tokens).

Request API Tokens

Please contact our support team to request your API tokens.
Email us at: [email protected]
In your email, please specify:
  • Your name and organization.
  • The type of integration you are planning (Third-Party Software or Direct System Integration).
  • A brief description of your application or system and its purpose.
Our team will guide you through the process and provide you with the appropriate credentials to get started.

Security Best Practices

  • Keep Tokens Confidential: Never expose your access tokens or PATs in client-side code or public repositories.
  • Use HTTPS: Always make API requests over HTTPS to ensure secure communication.
  • Token Expiration and Refresh: For OAuth 2.0 client flows, be prepared to handle token expiration and implement token refresh mechanisms.
  • Principle of Least Privilege: Request only the necessary permissions (scopes) for your application.
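The following Python sketch is an added example, not code from this documentation: it keeps a PAT out of source code, refuses to attach a Bearer token to a non-HTTPS URL, and renews an OAuth access token shortly before it expires. The `refresh` callable, the `API_PAT` variable name and the `api.example.com` host are assumptions, since this page does not give a token endpoint or base URL.

```python
import os
import time
import urllib.request
from urllib.parse import urlsplit


class BearerAuth:
    """Caches an access token and renews it shortly before it expires."""

    def __init__(self, refresh, skew=30, clock=time.monotonic):
        # refresh: hypothetical callable returning (access_token, lifetime_seconds);
        # in a real integration it would call the provider's token endpoint.
        self._refresh, self._skew, self._clock = refresh, skew, clock
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Renew when nothing is cached or expiry is within `skew` seconds.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._token, lifetime = self._refresh()
            self._expires_at = self._clock() + lifetime
        return self._token

    def invalidate(self):
        # Call after a 401 response so the next request fetches a new token.
        self._token = None


def pat_from_env(var="API_PAT"):
    # Assumed variable name; keeps the PAT out of code and repositories.
    value = os.environ.get(var, "").strip()
    if not value:
        raise RuntimeError(f"{var} is not set")
    return value


def build_request(url, token, method="GET"):
    # Refuse to attach a bearer token to anything but an HTTPS URL.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("bearer tokens may only be sent over HTTPS")
    if "\r" in token or "\n" in token:
        raise ValueError("token contains line breaks")
    req = urllib.request.Request(url, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    return req
```

Pass the returned request to `urllib.request.urlopen`; on a 401, call `invalidate()` and retry once with a fresh token.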
If you have any questions or require assistance with the authentication process, please do not hesitate to reach out to our support team.