Skip to main content

Authorization

HighLevel supports the Authorization Code Grant flow with v2 APIs. Please find the step-by-step procedure to use and understand the OAuth 2.0 flow.

Here's a Loom Video to walk you through the entire process.

1. Register an OAuth app

  1. Go to the Marketplace
  2. Sign up for a developer account.
  3. Go to "My Apps," and click on "Create App."
  4. Fill up the required details in the form, then your app will be created.
  5. Click on the app, and it will take you to settings where you can configure the scopes, generate the keys, etc.

2. Add the app to your desired location

  1. Make the location/agency Admin go to the app's Authorization Page URL.
  2. They select the location they want to connect.
  3. They are redirected to the redirect URL with the Authorization Code.
  4. Use the Authorization Code to get the Access token via the Get Access Token API under OAuth 2.0.
  5. Use the Access Token to call any API.

3. Get the app's Authorization Page URL

To generate the Authorization Page URL for an app, replace the client_id, redirect_uri, and scope in the template below. Then, redirect the location/agency admin trying to install your app to the URL.

  1. For standard Auth URL flow:
https://marketplace.gohighlevel.com/oauth/chooselocation?
response_type=code&
redirect_uri=https://myapp.com/oauth/callback/gohighlevel&
client_id=CLIENT_ID&
scope=conversations/message.readonly conversations/message.write
  1. For White-labeled Auth URL flow:
https://marketplace.leadconnectorhq.com/oauth/chooselocation?
response_type=code&
redirect_uri=https://myapp.com/oauth/callback/gohighlevel&
client_id=CLIENT_ID&
scope=conversations/message.readonly conversations/message.write

NOTE: For the users who are not logged in to the application at the time of giving consent, developer has option to initiate login in new tab or in same tab. For initiating login in same tab, developer need to append &loginWindowOpenMode=self to authorization url. If the query param not passed, login in new tab would be default.

When a user grants access, their browser is redirected to the specified redirect URI, and the Authorization Code is passed inside the code query parameter.

https://myapp.com/oauth/callback/gohighlevel?code=7676cjcbdc6t76cdcbkjcd09821jknnkj