When to Use OAuth
Register a Client
Twenty supports dynamic client registration per RFC 7591. No manual setup needed — register programmatically:Kapsamlar
| Scope | Erişim |
|---|---|
api | Full read/write access to the Core and Metadata APIs |
profile | Read the authenticated user’s profile information |
scope=api profile
Authorization Code Flow
Use this flow when your app acts on behalf of a Twenty user.1. Redirect the user to authorize
| Parametre | Zorunlu | Açıklama |
|---|---|---|
client_id | Evet | Your registered client ID |
response_type | Evet | Must be code |
redirect_uri | Evet | Must match a registered redirect URI |
scope | Hayır | Space-separated scopes (defaults to api) |
state | Önerilen | Random string to prevent CSRF attacks |
code_challenge | Önerilen | PKCE challenge (SHA-256 hash of verifier, base64url-encoded) |
code_challenge_method | Önerilen | Must be S256 when using PKCE |
2. Handle the callback
After authorization, Twenty redirects back to yourredirect_uri:
state matches what you sent.
3. Exchange the code for tokens
4. Use the access token
5. Refresh when expired
Client Credentials Flow
For server-to-server integrations with no user interaction:Server Discovery
Twenty publishes its OAuth configuration at a standard discovery endpoint:API Endpoints Summary
| Uç nokta | Amaç |
|---|---|
/.well-known/oauth-authorization-server | Server metadata discovery |
/oauth/register | Dynamic client registration |
/oauth/authorize | User authorization |
/oauth/token | Token exchange and refresh |
| Ortam | Temel URL |
|---|---|
| Bulut | https://api.twenty.com |
| Kendi Kendine Barındırma | https://{your-domain} |
OAuth vs API Keys
| API Anahtarları | OAuth | |
|---|---|---|
| Kurulum | Generate in Settings | Register a client, implement flow |
| User context | None (workspace-level) | Specific user’s permissions |
| En uygun | Scripts, internal tools | External apps, multi-user integrations |
| Token rotation | Manuel | Automatic via refresh tokens |
| Scoped access | Full API access | Granular via scopes |