Starting August 4, 2025, all API requests must use OAuth 2.0 with the client credentials flow. We’ll no longer support basic authentication.

This change improves your integration's security and helps us provide a more consistent experience across platforms.

Key changes

grant_typein query string : Must now be included in the request body as application/x-www-form-urlencoded instead of being in the query string. See RFC 6749 §3.2.
access_tokenin query string : Must now be passed via the Authorization header Authorization: Bearer abc123, not query parameters. See RFC 6750 §2.3.
Client credentials: Must be URL-encoded before Base64 encoding. For example, the plus sign (+) should be encoded as %2B. See RFC 6749 §2.3.1.

📘
Important:
Update your integration before August 15, 2025 to avoid disruptions.