Skip to main content
All API requests must include a bearer token in the Authorization header:

Personal access tokens

The simplest way to authenticate is with a personal access token. Generate one from your dashboard settings.
1

Go to Settings

Navigate to Settings > Personal Access Tokens in the Plugchoice dashboard.
2

Create a token

Click Create Token, give it a descriptive name, and copy the token value. The token is only shown once.
3

Use the token

Include the token in the Authorization header of your API requests.

OAuth 2.0

For third-party integrations, Plugchoice supports OAuth 2.0. The following grant types are available:

Authorization code flow

1

Redirect to authorize

Redirect the user to the authorization endpoint:
2

Exchange code for token

After the user grants access, exchange the authorization code for tokens:
3

Use the access token

Use the returned access_token in the Authorization header:

Client credentials flow

For server-to-server integrations that don’t require user authorization:

Refreshing tokens

Use a refresh token to obtain a new access token:

Revoking tokens

Revoke an authorized access token when it’s no longer needed by deleting it by ID:
Keep your client secret confidential. Never expose it in client-side code or public repositories.