API authentication
OAuth 2.0 flow and private integration tokens.
5 min read Updated 2026-04-24
Private Integration Token
- 1Settings → API → Create PITName it for the script using it.
- 2Pick scopesGranular — contacts.read, opportunities.write, etc.
- 3Use as Bearer tokenAuthorization: Bearer <token> on every request.
OAuth 2.0 (for apps)
- Register app in Marketplace.
- Client ID and secret issued.
- Users install via /oauth/authorize.
- Authorization code exchange for access + refresh tokens.
- Refresh tokens rotate on use.