1. Authentication

    Authentication

    Generating Access Tokens

    The Attio API uses access tokens to identify and authorise calls to the developer API.

    Tokens can be generated in your Workspace settings. See this guide for more information on how to generate access tokens. Your API keys are able to authenticate to Attio and perform actions on your account so it's important that you keep them safe in the same way that you would a password.

    If you are building an integration for other Workspaces to use, we also provide OAuth flows for the Attio API. Please contact us for more information.

    Using Access Tokens

    We accept both Bearer and Basic HTTP Authentication. We recommend using Bearer Authentication.

    If you are using HTTP Basic Authentication, you should provide your API key as the Basic Authentication username. You can safely leave the password blank.

    If you are using HTTP Bearer Authentication, you should provide your API key in the Authorization header as the Bearer value.

    To keep your API key secure you should always connect to the Attio API using HTTPS.
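
The two header forms and the HTTPS requirement described above, as an added example that is not part of Attio's documentation or code. The environment variable name, the sample token and the URL are hypothetical placeholders.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit

# Assumption: the token is kept out of source code in an environment variable.
# The variable name is hypothetical.
TOKEN_ENV_VAR = "ATTIO_ACCESS_TOKEN"


def auth_header(token: str, scheme: str = "bearer") -> dict:
    """Return the Authorization header for Bearer (recommended) or Basic."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    if scheme == "bearer":
        return {"Authorization": f"Bearer {token}"}
    if scheme == "basic":
        # Basic credentials are base64("username:password"). The key is the
        # username and the password is blank, so the encoded value is "key:".
        if ":" in token:
            raise ValueError("Basic usernames cannot contain ':'")
        encoded = base64.b64encode(f"{token}:".encode()).decode("ascii")
        return {"Authorization": f"Basic {encoded}"}
    raise ValueError(f"unsupported scheme: {scheme}")


def build_request(url: str, token: str, scheme: str = "bearer") -> urllib.request.Request:
    """Build a request, refusing any URL that would send the key in cleartext."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    return urllib.request.Request(url, headers=auth_header(token, scheme))


if __name__ == "__main__":
    # Falls back to a constructed sample token when the variable is unset.
    token = os.environ.get(TOKEN_ENV_VAR, "constructed-sample-token")
    # Placeholder URL, not a real Attio endpoint.
    req = build_request("https://api.example.invalid/resource", token)
    # Print only the scheme so the key never reaches logs or terminals.
    print(req.full_url, "->", req.get_header("Authorization").split()[0])
```
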

    Scopes

    Attio uses scopes to limit the access your integrations have to our API.

    You can configure which scopes your integration has access to in your Workspace settings.

    An access token can only be used on the endpoints which it has been scoped for. Attempting to use an insufficiently scoped token will result in an authorization error.

    Please note that all scopes are disabled by default, so new tokens will always need at least some scopes set.