Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer {access_token}

Quickstart: Access Token via Dashboard

The fastest way to get started is to create a long-lived access token directly in the admin dashboard:

  1. Go to Organization Settings → API
  2. Create a new access token and select the scopes you need
  3. Copy the token and use it in your API requests

This is the recommended approach for server-side integrations and scripts.


Integration Connectors

For no-code/low-code integrations, anny provides native connectors for Make.com and n8n. These handle authentication automatically — no manual token management needed.


OAuth2 Authorization Code Flow

Note: A custom OAuth2 Client ID is a special case. Contact support@anny.co with your use case to request one.

For applications that need user-delegated access, anny supports the standard OAuth2 Authorization Code Flow (with optional PKCE for public clients).

Step 1 — Authorization Request

Redirect the user to the authorization endpoint:

https://auth.anny.co/oauth/authorize?client_id={client_id}&response_type=code&redirect_uri={redirect_uri}&state={random_state}&scope=

For PKCE (mobile/SPA apps), also include code_challenge={challenge}&code_challenge_method=S256.

Step 2 — Code Exchange

After the user authorizes, exchange the callback code for tokens:

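// Exchange the authorization code from the callback for tokens.
const response = await fetch('https://auth.anny.co/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    client_id: '{client_id}',
    client_secret: '{client_secret}', // confidential clients only; omit for PKCE
    code: '{authorization_code}',
    redirect_uri: '{redirect_uri}',
    grant_type: 'authorization_code',
    code_verifier: '{code_verifier}' // PKCE only
  })
})

// Fail on a non-2xx response instead of destructuring an error body.
if (!response.ok) {
  throw new Error(`Token exchange failed with HTTP ${response.status}`)
}

const { access_token, refresh_token, expiresIn } = await response.json()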

Token Response

{
  "access_token": "eyJ...",
  "refresh_token": "def...",
  "expiresIn": 1440,
  "expiresAt": "2026-03-30T10:00:00+00:00"
}

Use refresh_token to obtain new access tokens before expiry.
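
Added example, not part of anny's documentation: one way to generate the state and PKCE values for Step 1 in Node.js and to check state on the callback before Step 2. The function names and the standard OAuth2 callback parameters (code, state, error) are assumptions; the endpoint and query parameters are the ones shown above.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto')

const AUTHORIZE_URL = 'https://auth.anny.co/oauth/authorize' // endpoint from Step 1

// S256 (RFC 7636): code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), unpadded.
function challengeFor(codeVerifier) {
  return createHash('sha256').update(codeVerifier, 'ascii').digest('base64url')
}

// Build the Step 1 redirect. The caller stores `state` and `codeVerifier` with the
// user's session until the callback arrives (hypothetical helper, not an anny API).
function buildAuthorizationRequest({ clientId, redirectUri, scope = '' }) {
  const state = randomBytes(16).toString('base64url')
  // 32 random bytes -> 43 base64url characters, the RFC 7636 minimum verifier length.
  const codeVerifier = randomBytes(32).toString('base64url')
  const url = new URL(AUTHORIZE_URL)
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    redirect_uri: redirectUri,
    state,
    scope,
    code_challenge: challengeFor(codeVerifier),
    code_challenge_method: 'S256'
  }).toString()
  return { url: url.toString(), state, codeVerifier }
}

// On the callback, reject the response unless `state` matches the stored value,
// then return the authorization code to send in Step 2 (assumes standard parameter names).
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams
  const got = Buffer.from(params.get('state') ?? '')
  const want = Buffer.from(expectedState)
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error('state mismatch: discard this callback')
  }
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`)
  const code = params.get('code')
  if (!code) throw new Error('callback carries no code')
  return code
}
```

Pass the returned codeVerifier as code_verifier in the Step 2 request.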