Now that you have an Access Token you can use it to make API requests on behalf of the Team, until it expires.

Provide the Access Token unmodified as a Bearer token in the Authorization HTTP header, like this:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJDYW5v…

🚧
When using the Authorization header you must not also send the x-canopy-client-id or x-canopy-client-secret headers. They are used when making API calls for your own Team and will cause the Authorization header to be ignored.

Scopes

The APIs you can call with an Access Token depend on which scopes you listed in the Authorization request.

The following APIs are currently available:

API Endpoint	Require Scope(s)
`GET /pulls/:pullId`	`read:pulls`
`GET /pulls`	`read:pulls`
`GET /:documentId/pdf`	`read:pulls`
`GET /webhooks`	`read:webhooks`
`POST /webhooks`	`write:webhooks`
`PATCH /webhook/:webhookId`	`write:webhooks`
`DELETE /webhook/:webhookId`	`write:webhooks`
`GET /widgets`	`read:widgets`

Caveats

Webhooks

You will only be able to view, create, update, and delete webhooks that were originally created by your App.