Authentication methods

Every Tallyfy API request needs authentication. Pick the method that fits your use case:

• Personal access token — grab your token from Settings > Integrations > REST API in Tallyfy and pass it in the Authorization header. Tokens last 6 months and act as the logged-in user. Best for scripts, testing, and quick integrations.
• Client credentials flow — use a client_id and client_secret (provided by Tallyfy Support) to get an application-level token via POST https://go.tallyfy.com/oauth/token. App tokens last 7 days. Best for backend services that don’t need a user session.

Required headers

Include these three headers on every API call:

Header	Value
Authorization	Bearer {access_token}
Accept	application/json
X-Tallyfy-Client	APIClient

Omitting X-Tallyfy-Client or Accept will cause requests to fail.

• Get & use a personal access token
• Use the client credentials flow

Related articles

Authentication > Get & use a personal access token

Authenticate with Tallyfy’s API using a personal access token from Settings > Integrations >…

Authentication > Use the client credentials flow

Tallyfy’s OAuth 2.0 client credentials flow lets backend services authenticate without user…

Open Api > API integration guide

Tallyfy’s REST API lets you connect workflow features to external systems using OAuth 2.0…

Integrations > Open API

Tallyfy’s REST API gives developers full programmatic access to the same platform features that…

Was this helpful?

YesNo