Authentication Methods

API Keys

API keys are long-lived tokens that enable actions to be performed on behalf of the user who created the key. With the proper grants, a request authorized with an API key can do anything that user could do on their own behalf (e.g. create documents, edit documents).

OAuth 2.0 User Tokens

User tokens enable actions to be performed on behalf of the user who authorized their creation. If enabled, any user can authorize your app to create a user token on their behalf. With the proper scopes, a request authorized with a user token can do anything that user could do on their own behalf (e.g. create documents, edit documents).

OAuth 2.0 Account Tokens

Account tokens enable actions to be performed on behalf of an entire account. Only admins on an account can authorize your app to create a token on behalf of the account. Unless specifically intended, admins can't create tokens with scopes that can do things that they themselves can't do. Once created, the token is no longer associated with the user who created it. Anyone who has access to the token can use your app to perform the administrative actions allowed by the scopes on the token, whether or not they would be able to perform such actions without the token.

Choose an appropriate authentication method

You should choose an authentication method that is appropriate for the task you want to accomplish.

To use the API for personal use, you can either create an API key or use an OAuth 2.0 client.
To use the API in an application, you should always use an OAuth 2.0 client.

If you want your application to be able to perform any administrative actions (manage users, etc.), you'll need to use account tokens. User tokens can't be used to perform actions like managing users on an account, even if the user the token represents is an admin with permission to manage users. To perform such actions, an account token must be created. For this reason, not all scopes are valid for all token types; some scopes are only valid for user tokens, and some are only valid for account tokens.