Public vs. User-authenticated calls

  1. Public access calls are made using your Client ID as a client_id GET parameter.
  2. User-authenticated calls are made using an access token sent in the header.

Making public calls

Add your Client ID (you can check your Client ID from the dashboard) as the client_id parameter with every public API call.

All public calls are GET requests. An example:

Making user-authenticated calls

To make a user-authenticated API call, you must obtain an access token first.

If you haven't already, we suggest you read our documentation about the OAuth 2.0 protocol and follow the User Authentication flow.

The Authorization Header

Every user-authenticated API request must contain an access token in the Authorization header. A sample HTTP request:

GET /2.0/users/USERNAME HTTP/1.1
Authorization: Bearer YOUR_ACCESS_TOKEN

An example using command-line cURL would look like:

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \

An example call using cURL in PHP, would look like:


$accessToken = 'YOUR_ACCESS_TOKEN';
$apiUrl = '';

$curl = curl_init($apiUrl);
curl_setopt($curl, CURLOPT_HTTPHEADER, ['Authorization: Bearer '.$accessToken]);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$json = curl_exec($curl);
if ($json) {
	$data = json_decode($json);
	echo "You found {$data->username}!";