Making your first API call

Once your integration is set up, you are ready to start making API calls to Attio.

Using access tokens

Every API call to Attio must be authenticated, and all requests happen over HTTPS. Your access token must be included in the Authorization header using the Bearer scheme, like so:

GET /v2/objects
Authorization: Bearer your-access-token


Basic Authentication support

We also support HTTP Basic Authentication, where the username is the token and the password is left blank, e.g your-access-token: is encoded as:

Authorization: Basic eW91ci1hY2Nlc3MtdG9rZW46

However, we recommend using Bearer authentication where possible.

You can find an initial access token under Access tokens section of your integration page.

Content types

By default, all interactions with the Attio API happen using JSON. When making POST, PATCH or PUT requests, you should set the Content-Type: application/json header. Our responses will always be in JSON.

Getting a list of available objects

Just to test that everything is working, let's make an API call to list the objects in your workspace:

curl -H "Authorization: Bearer <<oauth2>>"

If everything is working well, you should see something like this:

  "data": [
      "id": {
        "workspace_id": "14beef7a-99f7-4534-a87e-70b564330a4c",
        "object_id": "4e71c40b-7d35-463c-afcb-e339cfd6dbd1"
      "api_slug": "people",
      "singular_noun": "Person",
      "plural_noun": "People",
      "created_at": "2023-03-20T17:15:49.140000000Z"
      "id": {
        "workspace_id": "14beef7a-99f7-4534-a87e-70b564330a4c",
        "object_id": "9337b45e-9286-44cd-94f5-cd4510a50712"
      "api_slug": "companies",
      "singular_noun": "Company",
      "plural_noun": "Companies",
      "created_at": "2023-03-20T17:15:49.082000000Z"

Now that we're up and running, next let's learn some more about the various concepts you'll encounter in our API.