Making API Requests

Now that you have an Access Token you can use it to make API requests on behalf of the Team, until it expires.

Provide the Access Token unmodified as a Bearer token in the Authorization HTTP header, like this:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJDYW5v…


When using the Authorization header you must not also send the x-canopy-client-id or x-canopy-client-secret headers. They are used when making API calls for your own Team and will cause the Authorization header to be ignored.


The APIs you can call with an Access Token depend on which scopes you listed in the Authorization request.

The following APIs are currently available:

API EndpointRequire Scope(s)
GET /pulls/:pullIdread:pulls
GET /pullsread:pulls
GET /:documentId/pdfread:pulls
GET /webhooksread:webhooks
POST /webhookswrite:webhooks
PATCH /webhook/:webhookIdwrite:webhooks
DELETE /webhook/:webhookIdwrite:webhooks
GET /widgetsread:widgets



You will only be able to view, create, update, and delete webhooks that were originally created by your App.