OAuth 2.0 Authentication

We continue to support both OAuth 2.0 tokens and access tokens for public API authentication.

Accessing OAuth Applications:

  • Company Settings: Navigate to Company Settings > OAuth Applications.

Creating OAuth Applications:

  • Admin-Only: Only admin users can create new applications.
  • Process:
    1. Log in to your workspace.
    2. Go to Company Settings > OAuth Applications.
    3. Click Create Application.
    4. Enter a name for the application.


Client Credentials:

  • Generation and Security: Upon creation, the system generates a client ID and a client secret. The client secret is shown only once; it can be regenerated for security reasons.

Token Generation:

  • Authorization Endpoint: Use the following endpoint to generate an authorization token:
    {main-domain}/api/v2/pub/oauth/token
    
  • Request Body:
    {
        "grant_type": "client_credentials",
        "client_secret": "<clientSecret>",
        "client_id": "<clientId>"
    }
    
  • Response: The response includes the token_type, expires_in, and access_token values.

Authenticating API Calls:

  • Authorization Header: Include the access_token in the Authorization header of your API calls as a Bearer token.

Example:

Authorization: Bearer <token>

Additional Notes:

  • Token Validity: Authorization tokens expire after 24 hours.
  • Client Application Revoking: You can revoke client applications at any time to invalidate associated tokens.
  • OAuth 2.0 Client Credentials Grant Type: This grant type provides access to all resources within the workspace.
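
The sketch below is an added example, not code from the product or its SDK. It requests a token with the body shown above, reuses it until shortly before expires_in elapses, and builds the Authorization header. Assumptions: the endpoint accepts the body as a JSON POST; TokenCache, post_json and REFRESH_MARGIN are hypothetical names; the caller supplies {main-domain} as an https:// URL and loads the client ID and secret from a secret store.

```python
import json
import time
import urllib.request

TOKEN_PATH = "/api/v2/pub/oauth/token"  # endpoint path given on this page
REFRESH_MARGIN = 60  # assumed safety margin (seconds) before expires_in runs out


def post_json(url, payload):
    """Default transport. Assumption: the endpoint takes the body as a JSON POST."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Fetches a client_credentials token and reuses it until shortly before expiry."""

    def __init__(self, main_domain, client_id, client_secret,
                 post=post_json, clock=time.monotonic):
        # The client secret travels in the request body, so insist on TLS.
        if not main_domain.startswith("https://"):
            raise ValueError("main_domain must be an https:// URL")
        self.url = main_domain.rstrip("/") + TOKEN_PATH
        self._body = {"grant_type": "client_credentials",
                      "client_secret": client_secret, "client_id": client_id}
        self._post, self._clock = post, clock
        self._token, self._expires_at = None, 0.0

    def __repr__(self):
        # Keep the secret and the token out of logs and tracebacks.
        return f"TokenCache(url={self.url!r})"

    def refresh(self):
        resp = self._post(self.url, self._body)
        if not resp.get("access_token") or "expires_in" not in resp:
            raise ValueError("token response is missing access_token or expires_in")
        self._token = resp["access_token"]
        lifetime = max(0, int(resp["expires_in"]) - REFRESH_MARGIN)
        self._expires_at = self._clock() + lifetime

    def auth_header(self):
        """Return the Authorization header, requesting a new token only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            self.refresh()
        return {"Authorization": f"Bearer {self._token}"}
```

Because the token covers every resource in the workspace, the cache keeps it in memory only and leaves it out of repr().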