OAuth applications

To activate and configure oauth applications, navigate to -> Administration -> Authentication and choose -> Oauth applications.

Add a new authentication application for oauth

To add a new oauth application, click the green + Add button.


You can configure the following options to add your oauth application.

  1. Enter the name of your oauth application.
  2. Define redirect URLs where authorized users can be redirected to.
  3. Check if the application will be used confidentially.
  4. Choose client credential flows and define a user on whose behalf requests will be performed.
  5. Press the blue Create button to add your oauth application.


Oauth endpoints

The authentication endpoints are at

  • Auth URL: https://example.com/oauth/authorize
  • Access Token URL: https://example.com/oauth/token

Performing request to the OpenProject API with OAuth token

The following CURL command fetches all projects from the API V3:

curl --location --request GET 'https://example.com/api/v3/projects' --header 'Authorization: Bearer <your-access-token>'

Using Postman with oauth?

Set redirect URLs to urn:ietf:wg:oauth:2.0:oob in both, for your application (see step 2 above) and within Postman.

In Postman the configuration should look like this (Replace {{protocolHostPort}} with your host, i.e. https://example.com)


CORS headers

By default, the OpenProject API is not responding with any CORS headers. If you want to allow cross-domain AJAX calls against your OpenProject instance, you need to enable CORS headers being returned.

Please see our API settings documentation on how to selectively enable CORS.