- Getting started
- Authentication
- Scopes and permissions
- Platform Management APIs
Authentication methods
Our API supports various authentication methods, each tailored to different scenarios and use cases. Here's an overview of the authentication methods available:
-
Personal Access Tokens: Personal Access Tokens are a convenient way for individual users to access our platform programmatically. These tokens act as a secure bridge between your applications and our API. Users can generate and manage their tokens through their user preferences, allowing fine-grained control over the data they can access. Personal Access Tokens are ideal for scripts, automated tasks, or small-scale integrations.
-
OAuth 2.0 for External Apps: OAuth 2.0 is designed for third-party applications seeking access to our platform on behalf of users. It facilitates secure authorization without exposing user credentials. External apps can register with us, obtaining client credentials that identify them. This method is recommended for larger integrations and applications accessing multiple users' data.
-
API Keys: API keys offer a simple way to authenticate requests by attaching a key to each API call. While not as robust as some other methods, API keys are useful for resources or scenarios where fine-grained control isn't necessary, since they iffer limited access control, granting access to all endpoints associated with the key.Important: Support for API Key authentication will end March 2025. We recommend using External Applications or Personal Access Tokens (PATs) as the primary method of authentication.
Learn more about upcoming deprecations.
-
ROPC (not recommended): Resource Owner Password Credentials (ROPC) is an authentication method that allows users to provide their username and password directly to the authorization server to obtain an access token. It is less secure and not recommended compared to token-based methods like OAuth or personal access tokens.
