Authorization header:
- API Keys (recommended)
- Access Tokens
Each API key provides a client ID and secret. Your app exchanges these for short-lived access tokens automatically — no manual token rotation needed.The response includes an access token and its expiration:When the token expires, request a new one using the same client credentials. Most OAuth libraries handle this automatically.
Create an API Key
- In the web app, open your user menu (bottom-left avatar) and choose My Settings.
- In the API Credentials section, select the API Keys tab.
- Click Create API Key and give it a name.
- Copy both the Client ID and Client Secret. The secret is only shown once.
Exchange credentials for an access token
Make API requests
Use the access token in theAuthorization header:Access tokens expire after 2 hours (
expires_in: 7200). The libraries below handle token refresh transparently, so you won’t need to re-fetch manually.SDK quick start
Unauthorized responses
You’ll receive401 Unauthorized if the token is missing, invalid, or expired.