Getting Started

Authentication

The Core API uses API tokens to authenticate its users.

You MUST send the token for each request in the Authorization header. The token MUST be preceded by Bearer. See the Authorization header in the example request below.

curl --request GET \
  --url https://api2.frontapp.com/conversations/cnv_123/drafts \
  --header 'Authorization: Bearer [REQUEST_TOKEN]'
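
An added example (not from Front's documentation): a shell wrapper that builds the Bearer header described above, rejects a malformed token, and passes the header to curl on stdin so the token stays out of the process list and shell history. `FRONT_API_TOKEN`, `front_auth_header` and `front_get` are names assumed for this example, and `--header @-` needs curl 7.55.0 or later.

```bash
#!/usr/bin/env bash
# Added example, not Front's own code. FRONT_API_TOKEN, front_auth_header and
# front_get are hypothetical names chosen for this illustration.

FRONT_API_BASE="https://api2.frontapp.com"   # host from the page's example request

# Print "Authorization: Bearer <token>", or fail if the token is unusable.
front_auth_header() {
  local token="$1"
  if [ -z "$token" ]; then
    echo "token is empty" >&2
    return 1
  fi
  # Allow only the characters RFC 6750 permits in a Bearer token. This rejects
  # CR/LF (header injection) and stray spaces or quotes picked up by copy/paste.
  case "$token" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "token contains characters not valid in a Bearer token" >&2
      return 1
      ;;
  esac
  printf 'Authorization: Bearer %s\n' "$token"
}

# GET a path under the API base using the token in $FRONT_API_TOKEN.
# The header is read by curl from stdin ("--header @-"), so the token never
# appears in curl's argument list.
front_get() {
  local path="$1" header
  header="$(front_auth_header "${FRONT_API_TOKEN:-}")" || return 1
  printf '%s\n' "$header" | curl --silent --show-error --fail \
    --request GET --url "${FRONT_API_BASE}${path}" --header @-
}
```

Export `FRONT_API_TOKEN` from a secret store or a file with restricted permissions, then call `front_get /conversations/cnv_123/drafts`.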

There are two ways to get an API token — directly through the Front UI (Settings > Plugins & API > API) or via OAuth. If you’re just building an integration for your own Front instance or a single Front customer, or have a development instance you want to begin making requests with, read our How to create and revoke API tokens guide for information on how to generate an API token. For Partners looking to launch a public integration to all Front customers, if your integration can support OAuth you’ll want to check out our OAuth guide.

Scopes

When you create a Front API token, the scopes you choose will restrict what data it can access through the API. You can choose from the following scopes:

| Scope name | Description |
| --- | --- |
| Shared resources | Access to all team resources. If you use multiple Teams, this option gives API access across all Teams. |
| Private resources | Access to private resources (individual channels, contacts, conversations, inboxes, messages, rules and tags) of your individual users. However, each user must also grant permission for the API to access their private resources in their individual preferences, or you can do this for them in the Teammates section. |
| Provisioning | Used to allow control over teammate access to teams and inboxes as well as manage shifts in the public API. |
| Auto-provisioning | Access to Front's SCIM server, which is used to sync users across various systems. You will only see the "Auto provisioning" option if you have an Enterprise plan. |
| Team: {Team name} | Access to team resources only for that particular Team. You will only see "Team" options if you have purchased the Teams feature for your Front account. |

Private resource access

By default, individual resources are private, and the API does not let you interact with them or with their content.

However, a user has the ability to allow access to their individual resources from the API in their settings (Settings > My preferences > "Allow access to my individual resources via the API").

OAuth access

Integrations relying on OAuth all have the same scope: “Shared resources”, and at this time cannot request more permissive scopes. This means that integrations that use OAuth will be able to access all team resources (teams, contacts, conversations, team channels, inboxes, messages in team inboxes, team tags etc.). Check out our OAuth guide for more details.

❗️ Individual Resources and OAuth apps

Individual resources are accessible only to tokens that have been generated by Front. OAuth clients are not authorized to access them.

