Authentication
To use the ClickUp API, you must authenticate every request.
For personal use, authenticate with your personal API token.
For apps or integrations that other people use, use the OAuth flow, allowing users to authorize Workspaces for your app.
Include the token in the Authorization header of your requests.
Both methods ensure that you and your users only have access to the information permitted by ClickUp.
Personal Token
Use a personal API token for individual or testing purposes. Personal tokens begin with pk_
.
Add the token to the Authorization
header: Authorization: {personal_token}
.
Tip
Test the API using a mock server or generate your own personal token.
Generate or regenerate a Personal API Token
- Log in to ClickUp.
- In the upper-right corner, click your avatar.
- Select Settings .
- In the sidebar, click Apps .
- Under API Token , click Generate or Regenerate .
- Click Copy to copy the personal token to your clipboard. Personal tokens never expire.
Build Apps for others - OAuth Flow
To allow others to use your app, implement the OAuth2 2.0 flow so each user has their own token for accessing their ClickUp resources.
OAuth resources and specs:
- Authentication: OAuth 2.0
-
Grant Type:
Authorization Code
. Learn more . - Authorization URL: https://app.clickup.com/api
- Access Token URL: https://api.clickup.com/api/v2/oauth/token
Note
OAuth tokens won't work with the Try-It feature in the API docs. Use your personal API key to test the API in the Try-It feature.
Step 1: Create an OAuth app
Only Workspace owners or admins can create OAuth apps.
- Log in to ClickUp.
- In the upper-right corner, click your avatar.
- Select Settings .
- In the sidebar, click Apps .
- Click Create new app .
- Name the app and add a redirect URL .
-
You'll receive a
client_id
andsecret
.
Step 2: Retrieve an Authorization Code
Send users to the Authorization URL to connect their ClickUp account:
https://app.clickup.com/api?client_id={client_id}&redirect_uri={redirect_uri}
You can also add a state
parameter:
https://app.clickup.com/api?client_id={client_id}&redirect_uri={redirect_uri}&state={state}
Note
Non-SSL redirect URIs may not be supported in the future.
Users will be redirected back to the redirect_uri
with the authorization code after logging in.
Select Workspaces
Users can authorize one or more Workspaces. Use the Get Authorized Teams (Workspaces) endpoint to see which Workspaces are authorized. Redirect users to the authorization URL to modify Workspace permissions.
Step 3: Request a Token
Use the Get Access Token endpoint with client_id
, client_secret
, and code
to get the access token. This token is used in the Authorization
header for all API requests made on behalf of the user.
The access token currently does not expire. This is subject to change.
Our API v2 sample app shows how to implement the OAuth flow. Learn more about OAuth: