
App Access Token

An app access token allows app developers to perform actions on behalf of a bot account or a specific member in the community using the Tribe API. Bot accounts can perform all actions that a community admin can perform.

To generate an app access token, you first need to create an app.

note

Don't have an app yet? Follow the instructions here.

Generating access token

note

You can only generate and use an app access token on communities where the app is published AND installed. If the app is not installed in the community, the following requests will result in a Forbidden response.

You can generate an app access token using the following GraphQL query and basic HTTP authentication:

POST https://{clientId}:{clientSecret}@app.tribe.so/graphql
query {
  limitedToken(
    context: NETWORK,
    networkId: "{networkId}",
    entityId: "{networkId}",
    impersonateMemberId: "{memberId}"
  ) {
    accessToken
  }
}

Replace {networkId} with your community ID and {memberId} with the ID of the member on whose behalf you want to perform API requests. Likewise, replace {clientId} and {clientSecret} in the POST request with your app's client ID and client secret.

note

Not providing impersonateMemberId will generate an access token for a bot account.

A request with real values will look like:

POST https://b93fa452-a49de953ea10:f7a14f1a7a17a7e5f717238ac6468f7e@app.tribe.so/graphql
query {
  limitedToken(
    context: NETWORK,
    networkId: "CAx1mZ7I7a",
    entityId: "CAx1mZ7I7a",
    impersonateMemberId: "Dm12KzW34"
  ) {
    accessToken
  }
}

If your HTTP client doesn't support basic authentication with the credentials embedded in the URL (POST https://{clientId}:{clientSecret}@app.tribe.so/graphql), you can provide the credentials in the Authorization header field instead:

  1. Join the client ID and client secret with a single colon (:).

  2. Encode the resulting string in base64 representation.

  3. Prepend the base64-encoded string with Basic and a space and send it as the Authorization header:

    Authorization: Basic YjkzZmE0NTItYTQ5ZGU5NTNlYTEwOmY3YTE0ZjFhN2ExN2E3ZTVmNzE3MjM4YWM2NDY4Zjdl

Using the generated access token

The limitedToken query results in the following response:

{
  "data": {
    "limitedToken": {
      "accessToken": "..."
    }
  }
}

Pass the returned accessToken in the header of all GraphQL requests as follows:

Authorization: Bearer {accessToken}
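
The whole flow above (Basic header, limitedToken query, Bearer header) as an added Python example; it is not code from the Tribe documentation. It sends the credentials in the Authorization header rather than in the URL, since URLs tend to end up in logs, and it escapes the IDs before placing them in the query. The function names and the JSON request body ({"query": ...}, the usual GraphQL-over-HTTP convention) are assumptions, not taken from this page.

```python
import base64
import json
import urllib.request

GRAPHQL_URL = "https://app.tribe.so/graphql"  # endpoint from this page, without credentials


def basic_auth_header(client_id, client_secret):
    """Steps 1-3 above: join with ':', base64-encode, prefix with 'Basic '."""
    if ":" in client_id:
        raise ValueError("client ID must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def limited_token_query(network_id, member_id=None):
    """Build the limitedToken query; json.dumps quotes and escapes each ID."""
    args = [
        "context: NETWORK",
        f"networkId: {json.dumps(network_id)}",
        f"entityId: {json.dumps(network_id)}",
    ]
    if member_id is not None:  # omitted: the token is for the bot account
        args.append(f"impersonateMemberId: {json.dumps(member_id)}")
    return "query { limitedToken(" + ", ".join(args) + ") { accessToken } }"


def build_token_request(client_id, client_secret, network_id, member_id=None):
    """Prepare (but do not send) the POST; the JSON body shape is an assumption."""
    body = json.dumps({"query": limited_token_query(network_id, member_id)})
    return urllib.request.Request(
        GRAPHQL_URL, data=body.encode("utf-8"), method="POST",
        headers={"Authorization": basic_auth_header(client_id, client_secret),
                 "Content-Type": "application/json"})


def bearer_header(response_body):
    """Extract accessToken from the limitedToken response and build the header."""
    payload = json.loads(response_body)
    token = ((payload.get("data") or {}).get("limitedToken") or {}).get("accessToken")
    if not token:  # no token came back, so surface whatever errors the body carries
        raise RuntimeError(f"no access token in response: {payload.get('errors')}")
    return {"Authorization": f"Bearer {token}"}


if __name__ == "__main__":
    # Sample values copied from the example request on this page.
    req = build_token_request("b93fa452-a49de953ea10", "f7a14f1a7a17a7e5f717238ac6468f7e",
                              "CAx1mZ7I7a", "Dm12KzW34")
    print(req.get_method(), req.full_url, req.data.decode("utf-8"))
```

To send the prepared request, pass it to urllib.request.urlopen and hand the decoded response body to bearer_header.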