Please help us get better by sending us your feedback and questions! If you struggle with some details in the implementation or something is unclear, just drop us a line at

This documentation is in active development mode and will change frequently.


Authentication at the API level uses OAuth 2.0, so you can use the API on behalf of a user or as the app itself.

OAuth 2

If you need any information about OAuth 2.0, we will extend this documentation. For now, please consult the official resources at

The following information will be provided by us:

  • Access Token URL: $base_url/oauth/token
  • Username: $username
  • Password: $password
  • Client ID: $client_id
  • Client Secret: $client_secret
  • Scope: me, app or basic

$username, $password, $client_id and $client_secret must be stored and transferred only via encrypted transport mechanisms.

In addition to the endpoint mentioned above, we also provide the following OAuth 2.0 related endpoints:

  • $base_url/oauth/authorize - Managing authorization code, following RFC 6749 (Examples: POST, DELETE)
  • $base_url/oauth/token - Managing Access token, following RFC 6749 (Examples: POST, DELETE)
  • $base_url/oauth/revoke - Revoking a token, following RFC 7009 (Example)
  • $base_url/oauth/introspect - OAuth 2.0 Token Introspection, following RFC 7662 (Example)
  • $base_url/oauth/token/info - Shows details about the token used for authentication (Example)


  • me - the endpoint requires a user access token
  • app - the endpoint requires an app access token
  • basic - the endpoint requires an app access token with the basic right

Supported grant flows

Please choose your required grant flow wisely and take special care of the user credentials.

To use the app scope on GraphQL, you need to create an OAuth token with the client credentials grant flow.
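
The following Python code is an added example, not part of this documentation or the provider's own code: it builds (without sending) a client credentials request for `$base_url/oauth/token` and validates a token response. It assumes the endpoint accepts HTTP Basic client authentication and a form-encoded body as RFC 6749 specifies, and that tokens are bearer tokens; the function names and `api.example.test` are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

APP_SCOPES = ("app", "basic")  # assumption: "me" needs a user, so it is not requested here


def build_app_token_request(base_url, client_id, client_secret, scope="app"):
    """Build, without sending, a client credentials request for $base_url/oauth/token."""
    parts = urllib.parse.urlsplit(base_url)
    # The credentials may only travel over encrypted transport: refuse non-HTTPS URLs.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base_url must be an absolute https:// URL")
    if scope not in APP_SCOPES:
        raise ValueError("client credentials cannot request scope %r" % scope)
    # RFC 6749 section 2.3.1: form-encode id and secret, then send them as HTTP Basic,
    # which keeps the secret out of the URL and out of the request body.
    pair = urllib.parse.quote_plus(client_id) + ":" + urllib.parse.quote_plus(client_secret)
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    req = urllib.request.Request(base_url.rstrip("/") + "/oauth/token",
                                 data=body.encode("ascii"), method="POST")
    req.add_header("Authorization", "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii"))
    # Assumption: the token endpoint takes a form-encoded body (RFC 6749), not application/vnd.api+json.
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def parse_token_response(raw, requested_scope):
    """Return the access token only if the response grants what was asked for."""
    doc = json.loads(raw)
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":  # assumption: bearer tokens
        raise ValueError("unexpected token_type")
    # RFC 6749 section 5.1: "scope" may be omitted only when it equals the requested one.
    if requested_scope not in str(doc.get("scope", requested_scope)).split():
        raise ValueError("granted scope does not include %r" % requested_scope)
    return token


if __name__ == "__main__":
    # Constructed values; api.example.test stands in for $base_url.
    req = build_app_token_request("https://api.example.test", "my-client-id", "my-client-secret")
    print(req.get_method(), req.full_url, req.data.decode())
    sample = '{"access_token": "constructed-token", "token_type": "Bearer", "scope": "app"}'
    print(parse_token_response(sample, "app"))
```

Pass the returned request to `urllib.request.urlopen` to send it, and load `$client_id` and `$client_secret` from a secret store rather than from source code.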


Our APIs follow the specifications at

Please be aware that you need to send application/vnd.api+json as Content-Type for POST and PUT requests.


Each type of API offers Swagger-based documentation that you can use during development. A link to the specific documentation can be found at the top of each API documentation.