Every Tallyfy API request needs authentication. Pick the method that fits your use case:
- Personal access token — grab your token from Settings > Integrations > REST API in Tallyfy and pass it in the Authorization header. Tokens last 6 months and act as the logged-in user. Best for scripts, testing, and quick integrations.
- Client credentials flow — use a client_id and client_secret (provided by Tallyfy Support) to get an application-level token via POST https://go.tallyfy.com/oauth/token. App tokens last 7 days. Best for backend services that don’t need a user session.
Include these three headers on every API call:
| Header | Value |
|---|---|
| Authorization | Bearer {access_token} |
| Accept | application/json |
| X-Tallyfy-Client | APIClient |
Omitting X-Tallyfy-Client or Accept will cause requests to fail.
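An added example, not Tallyfy's own code: a small Python helper for the client credentials flow that caches the application token, renews it shortly before the 7-day lifetime ends, and always returns the three required headers. The form field names (`grant_type`, `client_id`, `client_secret`), the `access_token` and `expires_in` response fields, the environment variable names, and the `TallyfyAuth` class are assumptions based on standard OAuth 2.0, not details from this page.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://go.tallyfy.com/oauth/token"  # endpoint given on this page
APP_TOKEN_TTL = 7 * 24 * 3600                     # page: app tokens last 7 days
REQUIRED = {"Accept": "application/json", "X-Tallyfy-Client": "APIClient"}


def fetch_app_token(client_id, client_secret):
    """POST the credentials; form fields follow RFC 6749 (assumed for Tallyfy)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST", headers=REQUIRED)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TallyfyAuth:
    """Caches the app token and renews it shortly before it expires."""

    def __init__(self, client_id, client_secret, fetch=fetch_app_token,
                 clock=time.time, skew=300):
        self._id, self._secret = client_id, client_secret
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def headers(self):
        """Return the three headers the page requires on every API call."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._fetch(self._id, self._secret)
            self._token = reply["access_token"]
            ttl = min(int(reply.get("expires_in", APP_TOKEN_TTL)), APP_TOKEN_TTL)
            self._expires_at = self._clock() + ttl
        return {"Authorization": f"Bearer {self._token}", **REQUIRED}

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return f"TallyfyAuth(client_id={self._id!r}, token=<redacted>)"


if __name__ == "__main__":
    # Credentials are read from the environment rather than hard-coded.
    auth = TallyfyAuth(os.environ["TALLYFY_CLIENT_ID"],
                       os.environ["TALLYFY_CLIENT_SECRET"])
    print(sorted(auth.headers()))  # header names only, never the token value
```

The `fetch` and `clock` parameters exist so the caching logic can be exercised without network access.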
Authentication > Get & use a personal access token
Tallyfy’s API allows quick authentication using a personal access token found in Settings > Integrations > REST API. Send it as a Bearer token alongside the Accept and X-Tallyfy-Client headers on every request. The token expires after six months, or immediately upon logging out of the web interface.
Integrations > Open API
Tallyfy’s REST API gives developers full programmatic access to the same platform features that power its web app, including process management, task operations, template control, and data export, with three authentication methods, standard JSON responses, and required headers for every request.
Authentication > Use the client credentials flow
Tallyfy’s OAuth 2.0 client credentials flow lets backend services and third-party apps authenticate without user login. They obtain a Client ID and Client Secret from Tallyfy Support, then exchange them for application-level tokens (valid 7 days) or user-specific tokens (valid 3 months) to call the API on behalf of an organization or individual users.
Open Api > API integration guide
Tallyfy’s REST API enables you to connect workflow features to external systems using OAuth 2.0 authentication with required Bearer tokens and X-Tallyfy-Client headers, while mapping API terminology like Checklists and Runs to their UI equivalents of Templates and Processes, and handling token refresh and multi-organization context for reliable integrations.