API

Authentication

API keys and device flow.

API keys

Used by the extension and automation
Sent via x-api-key header (or Authorization: ApiKey <token>)
Admins can disable API tokens globally or per user

Device flow

The extension uses device flow:

POST /api/v1/auth/device/authorize
POST /api/v1/auth/device/token

Example header

x-api-key: YOUR_KEY

GraphQL

GraphQL endpoint for core resources.

Integrations

Webhooks and outbound integrations.

On this page

API keys Device flow Example header