1. API Token (Personal Access Token)

Use this if you're:

2. OAuth 2.0 (Authorization Code)

Use this if you’re:

Use this if you’re:

Running a fully backend integration with no user-facing UI
Automating backend-to-backend jobs or pipelines
Acting on behalf of specific users in your Productboard workspace (e.g. syncing data as them for permissioning or audit)

Here’s a quick guide:

Use case	Recommended method
Simple scripts or internal tools	API Token
Public apps with user sign-in and consent	OAuth 2.0 (Authorization Code)
Backend automation acting as specific users	OAuth Server-to-Server (JWT)

→ Still not sure? Start with API Token for the fastest setup.

All methods require the Authorization header:

Authorization: Bearer <your-token>

Example with curl:

curl -X GET "https://api.productboard.com/v2/notes" \
  -H "Authorization: Bearer <your-token>" \
  -H "Accept: application/json"

If you receive a 401 Unauthorized response: