This is an HTTPS-only API and it uses OAuth 2.0 authorization, implementing Authorization Code and Client Credential flows. All requests have to be authenticated via the Authorization header:

curl -H "Authorization: Bearer f4f4994a875f461ca4d4708b9e027df4" \

Please note that you can choose to send data as JSON or form in all POST requests on this page, as long as the appropriate Content-Type header is included.

OAuth2 Application Keys

You need to create an OAuth2 application before you can use the API. Create one by navigating to your organization > Settings > API and click Create API Key.

Client Credentials Flow

With the Client Credentials flow it is possible to retrieve an access token directly using your application id and application secret:

curl -X POST \
    --data "grant_type=client_credentials" \
    --data "client_id={application_id}" \
    --data "client_secret={application_secret}"
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8


This token is valid for 2 hours and you should create a new one only after the existing token expires. Expiration will be indicated by the API responding with HTTP 401.