Now that you have an Access Token you can use it to make API requests on behalf of the Team, until it expires.
Provide the Access Token unmodified as a Bearer token in the Authorization HTTP header, like this:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJDYW5vā¦
When using the
Authorizationheader you must not also send thex-canopy-client-idorx-canopy-client-secretheaders. They are used when making API calls for your own Team and will cause theAuthorizationheader to be ignored.
Scopes
The APIs you can call with an Access Token depend on which scopes you listed in the Authorization request.
The following APIs are currently available:
| API Endpoint | Require Scope(s) |
|---|---|
GET /pulls/:pullId | read:pulls |
GET /pulls | read:pulls |
GET /:documentId/pdf | read:pulls |
GET /webhooks | read:webhooks |
POST /webhooks | write:webhooks |
PATCH /webhook/:webhookId | write:webhooks |
DELETE /webhook/:webhookId | write:webhooks |
GET /widgets | read:widgets |
Caveats
Webhooks
You will only be able to view, create, update, and delete webhooks that were originally created by your App.