All requests to the Productboard REST API v2 must be authenticated. We support three authentication methods to suit different use cases:
1. API Token (Personal Access Token)
Use this if you're:
- Making requests from a script, CLI, or server you control
- Building a private integration
- Just getting started and want the simplest setup
→ How to authenticate with an API token
2. OAuth 2.0 Authorization Code Flow
Use this if you're:
- Building a public or third-party integration
- Acting on behalf of multiple Productboard users
- Handling dynamic user consent and refreshable access tokens
→ Set up OAuth 2.0 Authorization Code Flow
3. OAuth 2.0 JWT Bearer Flow
Use this if you're:
- Running a fully backend integration with no user-facing UI
- Automating backend-to-backend jobs or pipelines
- Acting on behalf of specific users in your Productboard workspace (e.g. syncing data as them for permissioning or audit)
→ Use OAuth 2.0 with JWT Bearer
Not sure which one to choose?
Here’s a quick guide:
| Use case | Recommended method |
|---|---|
| Simple scripts or internal tools | API Token |
| Public apps with user sign-in and consent | OAuth 2.0 Authorization Code Flow |
| Backend automation acting as specific users | OAuth 2.0 JWT Bearer Flow |
→ Still not sure? Start with API Token for the fastest setup.
Passing the token in requests
All methods require the Authorization header:
Authorization: Bearer <your-token>Example with curl:
curl -X GET "https://api.productboard.com/v2/notes" \
-H "Authorization: Bearer <your-token>" \
-H "Accept: application/json"Troubleshooting
If you receive a 401 Unauthorized response:
- Check that your token is valid and not expired
- Make sure you're using the correct authentication flow
- Confirm that your request is going to the
/v2base URL