API usage as a third-party application instead of a user
This guide explains how to integrate your application with Tallyfy using the client credentials flow. This allows your application to make API requests on behalf of your users.
This integration pattern is useful for organizations that want to:
- Embed Tallyfy functionality within their own software
- Provide integrated workflow capabilities to their users
- Automate process management for clients or employees
- Maintain an integrated user experience in their application
- Handle user provisioning programmatically
Prerequisites:
- Paid Tallyfy Professional or Enterprise subscription
- Client credentials (client ID and secret) from Tallyfy
- Basic understanding of OAuth 2.0 client credentials flow
- Development environment for testing API integration
To obtain client credentials:
- Contact Tallyfy Support to request client credentials for your organization
- Provide details about your integration use case and requirements
- Tallyfy will provision a client ID and secret specific to your organization
- Store these credentials securely in your application environment
To authenticate your application with Tallyfy, you must first obtain an application-level access token:
POST https://account.tallyfy.com/oauth/token
Request Body:
```json
{
  "client_id": 12345,
  "client_secret": "hTWzy5rpYXcBn8K4J9PqEs2V...",
  "grant_type": "client_credentials",
  "scope": "*"
}
```
Response:
```json
{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```
With your application access token, you can create and manage users in your Tallyfy organization:
POST https://go.tallyfy.com/api/applications/{orgID}/users
Headers:
```
Authorization: Bearer {your_app_access_token}
Content-Type: application/json
X-Tallyfy-Client: APIClient
```
Request Body:
```json
{
  "first_name": "John",
  "last_name": "Smith",
  "email": "john.smith@yourcompany.com",
  "role": "standard",
  "timezone": "America/Chicago"
}
```
Available Roles:
- admin: Full organization administration access
- standard: Regular user with process creation capabilities
- light: Limited user who can only complete assigned tasks
Response:
```json
{
  "id": 12345,
  "email": "john.smith@yourcompany.com",
  "first_name": "John",
  "last_name": "Smith",
  "role": "standard",
  "created_at": "2023-05-15T14:22:10.000Z"
}
```
To perform actions on behalf of a specific user, you need to obtain a user-specific token:
POST https://go.tallyfy.com/api/applications/{orgID}/users/{email}/token
Headers:
```
Authorization: Bearer {your_app_access_token}
Content-Type: application/json
X-Tallyfy-Client: APIClient
```
Response:
```json
{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```
Use the user-specific token to make API requests as if they were made by the user:
GET https://go.tallyfy.com/api/organizations/{orgID}/me/tasks
Headers:
```
Authorization: Bearer {user_specific_access_token}
Content-Type: application/json
X-Tallyfy-Client: APIClient
```
When implementing on-behalf-of API access:
- Store client credentials in secure, encrypted storage
- Implement proper access controls for user tokens
- Rotate secrets periodically according to your security policies
- Validate that user emails belong to your organization before requesting tokens
- Use HTTPS for all API communication
- Implement token expiration handling and refresh logic
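
One way to apply the email validation and token expiry points from the list above, as an added example that is not Tallyfy's own code. The injected `post` transport (returning a status and parsed JSON), the domain allowlist and the 60-second renewal margin are assumptions; the URLs, headers and fields are the ones shown on this page.

```python
import time
from urllib.parse import quote

TOKEN_URL = "https://account.tallyfy.com/oauth/token"
API_BASE = "https://go.tallyfy.com/api"

class TallyfyAppClient:
    """Caches tokens until shortly before expiry; gates per-user token requests."""
    def __init__(self, org_id, client_id, client_secret, allowed_domains,
                 post, clock=time.time, skew=60):
        self.org_id, self.client_id, self.client_secret = org_id, client_id, client_secret
        self.allowed = {d.lower() for d in allowed_domains}  # assumption: domain allowlist
        self.post, self.clock, self.skew = post, clock, skew  # post: injected transport
        self._cache = {}  # key -> (access_token, expiry as epoch seconds)

    def _cached(self, key, fetch):
        token, expiry = self._cache.get(key, (None, 0))
        if token is None or self.clock() >= expiry - self.skew:
            status, body = fetch()
            if status != 200:
                self._cache.pop(key, None)  # never keep serving a token we could not renew
                raise RuntimeError(f"token request failed: HTTP {status}")
            token = body["access_token"]
            self._cache[key] = (token, self.clock() + body["expires_in"])
        return token

    def app_token(self):
        body = {"client_id": self.client_id, "client_secret": self.client_secret,
                "grant_type": "client_credentials", "scope": "*"}
        return self._cached("app", lambda: self.post(TOKEN_URL, {}, body))

    def user_token(self, email):
        email = email.strip()
        local, _, domain = email.rpartition("@")
        if not local or "@" in local or domain.lower() not in self.allowed:
            raise PermissionError("email is not in an allowed domain")
        # Percent-encode the address so it cannot add path segments or a query string.
        url = f"{API_BASE}/applications/{self.org_id}/users/{quote(email, safe='')}/token"
        headers = {"Authorization": f"Bearer {self.app_token()}",
                   "Content-Type": "application/json", "X-Tallyfy-Client": "APIClient"}
        return self._cached(("user", email), lambda: self.post(url, headers, None))

if __name__ == "__main__":
    # Constructed transport standing in for the HTTPS POST; returns (status, parsed JSON).
    fake = lambda url, headers, body: (200, {"expires_in": 3600, "access_token": "constructed-token"})
    client = TallyfyAppClient("ORG_ID", 12345, "secret-from-vault", ["yourcompany.com"], fake)
    print(client.user_token("john.smith@yourcompany.com"))
```

In production the allowlist check would normally be replaced or backed by a lookup in your own user directory, and `post` by an HTTPS client with certificate verification left on.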
| Error | Description | Solution |
|---|---|---|
| 401 Unauthorized | Invalid client credentials | Verify client ID and secret |
| 403 Forbidden | Insufficient permissions | Ensure the client has appropriate scopes |
| 404 Not Found | User not found | Verify the user email and organization ID |
| 429 Too Many Requests | Rate limit exceeded | Implement request throttling and retries |
For assistance with this integration, contact Tallyfy Support with specific details about your use case and any error messages encountered.