Authentication

All Mojave API requests must be authenticated using a bearer token. Tokens must be included in the Authorizationheader of each request.

You can use Personal API Tokens or OAuth 2.0 access tokens depending on your use case.

API Token Authentication

To authenticate using a personal API token, include the token in the request header like this:

bashCopyEditAuthorization: Bearer YOUR_API_TOKEN

Example request:

bashCopyEditcurl -X GET https://api.mojaveapp.com/v1/me \
  -H "Authorization: Bearer YOUR_API_TOKEN"

If the token is valid, you will receive the authenticated user’s details in the response.

OAuth 2.0 Authentication

For public or user-facing integrations, use the OAuth 2.0 flow to obtain access tokens.

The general flow is:

1. Redirect users to Mojave's authorization URL.

2. Mojave redirects back with a temporary code.

3. Exchange the code for an access token using your client credentials.

4. Use the access token in the Authorization header.

Token example:

Token Scope and Expiration

• API tokens do not expire unless manually revoked.

• OAuth tokens expire and must be refreshed using a refresh token.

• All tokens are workspace-scoped and role-sensitive.

Common Errors