You can build apps, integrations and hacks using the same API Conjure is built on. Conjure's API is still evolving, we try avoid breaking changes, but they may happen.
To authenticate on Conjure's API, the following approaches are available:
- Personal Access Tokens: easily generate an access token for personal use
- OAuth Application: create an application, with scoped permissions, to obtain access tokens from users
You can see your Personal Access Tokens and Applications in Settings > API.
When a user resets their password, they are signed out of Conjure everywhere, however their personal and OAuth application access tokens are not affected and remain valid.
- Personal Access Tokens are prefixed with
- OAuth Application Access Tokens are prefixed with
- OAuth Application Client Ids are prefixed with
- OAuth Application Secret Keys are prefixed with
A user can only have a maximum of 10 access tokens for the same application and scopes at any given time. If a request is made for an 11th access token from your app with the same scopes, the oldest token will automatically be revoked.
Conjure's API is GraphQL based. You can read more about it in Getting Started.
Authorization: Use this header for authenticating requests, with the value in the following format
X-Timezone-Offset: If you want to consider timezone on certain requests (eg creating a measurement), you may want to pass this header with the value being the timezone offset in seconds (eg UTC is
0, EST which is UTC−05:00 is
X-Timezone-Offsetis not provided, the timezone on the user's profile will be used.
Webhooks & Events
Conjure's webhook API for receiving events (such as habit completions, new measurements, objective progression and so on) is still under development.