Authentication

Authentication methods by integration type

  • Partners: Use OAuth 2.0 Authorization Code Grant Type.
  • Custom integrations: Use OAuth 2.0 Client Credentials Flow.
    Add sub in the body with a user_id to identify the authorizing user.

Transition period: v1/v2 to v3

During the deprecation period, Greenhouse will support existing API credentials with the following methods:

  • V1/V2: Basic authentication remains available.
  • V3: Requires Bearer Authorization over HTTPS, using a valid JWT access token.

To generate a JWT access token for Harvest V3:

  1. Obtain a Harvest API credential.
  2. Use the endpoint POST: Generate access_token to retrieve the token.
  3. Use the token as a bearer in your requests.

Example:

Authorization: Bearer <access_token>

Harvest v3 official authentication method

You can create OAuth credentials for the Harvest API on the API Credentials page. Click Create new API credentials and find Harvest V3 (OAuth). After saving the credentials, you can manage scopes accordingly.

When editing an API Credential, you will be able to manually rotate secrets. After rotation, old secrets will be available for up to 1 week. You can delete the old secret ahead of the scheduled deletion if desired.

With OAuth credentials, you can authenticate using the POST: Generate token endpoint. For custom integrations, you will need to add a grant_type value of client_credentials.
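The custom-integration flow described above, as an added Python example (not Greenhouse's own code): it builds the token request with grant_type and sub, refuses non-HTTPS URLs, and checks the JWT's expiry before a token is reused. The token URL is a placeholder, and HTTP Basic client authentication, the form-encoded body and the presence of an exp claim are assumptions not stated on this page.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder: this page does not give the token endpoint URL.
TOKEN_URL = "https://auth.example.invalid/token"


def require_https(url):
    """Refuse to send credentials or tokens over anything but HTTPS."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS URL: " + url)
    return url


def build_token_request(client_id, client_secret, user_id, token_url=TOKEN_URL):
    """Client-credentials token request for a custom integration."""
    # From the page: grant_type=client_credentials, and sub carries the user_id.
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "sub": user_id}).encode()
    # Assumption: the client authenticates with HTTP Basic (RFC 6749, 2.3.1).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        require_https(token_url), data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def token_expired(access_token, now=None, skew=60):
    """Read the JWT exp claim (no signature check) to decide when to refresh."""
    # Assumption: the access token carries the standard exp claim.
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims["exp"] - skew <= (time.time() if now is None else now)


def bearer_request(url, access_token):
    """Attach the token as 'Authorization: Bearer <access_token>'."""
    return urllib.request.Request(
        require_https(url), headers={"Authorization": "Bearer " + access_token})
```

Load the client secret from a secret store or environment variable rather than source code, so a manual rotation only requires updating one value within the one-week overlap.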

After v1 and v2 endpoints are deprecated, OAuth will be the only supported authentication method for the Harvest API. Transition early to avoid disruptions.