Using the OAuth 2.0 flow

Use OAuth 2.0 to get access tokens for other workspaces

If you're planning to let other workspaces use your integration, you'll need to setup OAuth 2.0 to be able to get access tokens for them.

Attio supports OAuth 2.0 using the Authorization Code Grant Flow (RFC 6749 section 4.1).

We recommend using a well-established library for making OAuth requests, because they apply many of the security recommendations added after the original OAuth protocol was released. You can find some library recommendations here.

For security reasons, new OAuth apps require publication approval before being usable across workspaces. While developing, your integration will be able to grant tokens for the workspace it is hosted in. When you're ready to publish your integration for wider user, please head to the settings page of your integration and click "request publication".

We strongly recommend hosting integrations in dedicated development Workspaces in order to maintain data integrity and ease the publication process.