OAuth2 Bearer Token

Please remember that OAuth2 is required for all public apps to be approved.

OAuth provides a secure way for your application to access Gorgias data without having to store or use sensitive data such as the passwords or access tokens of Gorgias users. OAuth2 also provides more granular permissions via OAuth2 Scopes, which further increases the security of our customers' data.

In OAuth2, authentication is done using Bearer Access Tokens. Once you have one, you can perform API calls like so:

curl --request GET \
  --url https://your-customer-account.gorgias.com/api/account \
  --header 'Authorization: Bearer YOUR-PLAIN-TEXT-ACCESS-TOKEN'

Access Token expiration

Please remember that OAuth Bearer Access Tokens expire after some time. This is done because sometimes applications only need temporary access to the API (e.g., a one-time data import).
If your app needs permanent access, you should request the offline scope described in OAuth2 Scopes and get a refresh_token that can be used to get a new access_token when the old one expires.
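
The refresh step described above, as an added Python example (not Gorgias code): a small holder that renews the access_token shortly before it expires and builds the Authorization header. Assumptions: `TOKEN_URL` is a placeholder because the token endpoint is not given on this page, the class and function names are hypothetical, and the request follows the standard RFC 6749 refresh_token grant with client credentials sent in the form body and an `expires_in` field in the response.

```python
import json
import time
import urllib.parse
import urllib.request

# Placeholder (assumption): the token endpoint path is not given on this page.
TOKEN_URL = "https://your-customer-account.gorgias.com/TOKEN-ENDPOINT-PATH"


def post_form(url, fields):
    """Default transport: POST form fields and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class BearerTokens:
    """Holds an access_token and renews it with the refresh_token."""

    def __init__(self, client_id, client_secret, access_token, refresh_token,
                 expires_at, transport=post_form, clock=time.time, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.access_token, self.refresh_token = access_token, refresh_token
        self.expires_at = expires_at
        self.transport, self.clock, self.skew = transport, clock, skew

    def __repr__(self):
        # Keep token values out of logs and tracebacks.
        return f"<BearerTokens expires_at={self.expires_at:.0f}>"

    def refresh(self):
        body = self.transport(TOKEN_URL, {
            "grant_type": "refresh_token",  # RFC 6749 section 6
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,          # assumption: credentials
            "client_secret": self.client_secret,  # accepted in the form body
        })
        if "access_token" not in body:
            raise RuntimeError(f"refresh failed: {body.get('error', 'unknown')}")
        self.access_token = body["access_token"]
        # The server may rotate the refresh token; keep the old one otherwise.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        self.expires_at = self.clock() + int(body.get("expires_in", 0))

    def auth_header(self):
        # Renew slightly early so no request leaves with a stale token.
        if self.clock() >= self.expires_at - self.skew:
            self.refresh()
        return {"Authorization": f"Bearer {self.access_token}"}
```

Store the refresh_token with the same care as a password, since it can mint new access tokens until it is revoked.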