Authentication & scopes

Bearer tokens

Every endpoint requires a bearer access token in the Authorization header.

Authorization: Bearer eyJ0eXAiOiJKV1Qi...

How to get an API key

In the ThriveDesk web app, open Settings → Integrations → API Keys and create a new key. Give it a name so you can identify it later. The plaintext key is shown once on creation and cannot be retrieved again. Copy it immediately and store it in your secrets manager.

Keys are workspace-scoped and grant full access to the API surface documented here. They expire one year after creation; rotation is done by revoking the old key from the same screen and issuing a new one.

Integrations should never collect a user's ThriveDesk email and password to obtain a key on their behalf. If you are building an integration that needs to act across multiple workspaces, contact help@thrivedesk.com.

Scopes

Today every API key has full access to the documented surface. The create-key form also exposes a Restricted Access option, which is not yet enabled and is reserved for a future release. Per-operation scopes are not configurable yet.