Authentication

To use the ClickUp API, you must authenticate every request.

For personal use, authenticate with your personal API token.

For apps or integrations that other people use, use the OAuth flow, allowing users to authorize Workspaces for your app.

Include the token in the Authorization header of your requests.

Both methods ensure that you and your users only have access to the information permitted by ClickUp.

Personal Token

Use a personal API token for individual or testing purposes. Personal tokens begin with pk_. Add the token to the Authorization header: Authorization: {personal_token}.

Tip

Test the API using a mock server or generate your own personal token.

Generate or regenerate a Personal API Token

  1. Log in to ClickUp.
  2. In the upper-right corner, click your avatar.
  3. Select Settings .
  4. In the sidebar, click Apps .
  5. Under API Token , click Generate or Regenerate .
  6. Click Copy to copy the personal token to your clipboard. Personal tokens never expire.

Build Apps for others - OAuth Flow

To allow others to use your app, implement the OAuth2 2.0 flow so each user has their own token for accessing their ClickUp resources.

OAuth resources and specs:

Note

OAuth tokens won't work with the Try-It feature in the API docs. Use your personal API key to test the API in the Try-It feature.

Step 1: Create an OAuth app

Only Workspace owners or admins can create OAuth apps.

  1. Log in to ClickUp.
  2. In the upper-right corner, click your avatar.
  3. Select Settings .
  4. In the sidebar, click Apps .
  5. Click Create new app .
  6. Name the app and add a redirect URL .
  7. You'll receive a client_id and secret .

Step 2: Retrieve an Authorization Code

Send users to the Authorization URL to connect their ClickUp account: https://app.clickup.com/api?client_id={client_id}&redirect_uri={redirect_uri}

You can also add a state parameter: https://app.clickup.com/api?client_id={client_id}&redirect_uri={redirect_uri}&state={state}

Note

Non-SSL redirect URIs may not be supported in the future.

Users will be redirected back to the redirect_uri with the authorization code after logging in.

Select Workspaces

token_teams Users can authorize one or more Workspaces. Use the Get Authorized Teams (Workspaces) endpoint to see which Workspaces are authorized. Redirect users to the authorization URL to modify Workspace permissions.

Step 3: Request a Token

Use the Get Access Token endpoint with client_id, client_secret, and code to get the access token. This token is used in the Authorization header for all API requests made on behalf of the user.

The access token currently does not expire. This is subject to change.

Our API v2 sample app shows how to implement the OAuth flow. Learn more about OAuth: