Skip to main content

Conjure API

You can build apps, integrations and hacks using the same API Conjure is built on. Conjure's API is still evolving, we try avoid breaking changes, but they may happen.


To authenticate on Conjure's API, the following approaches are available:

  • Personal Access Tokens: easily generate an access token for personal use
  • OAuth Application: create an application, with scoped permissions, to obtain access tokens from users

You can see your Personal Access Tokens and Applications in Settings > API.

Reset Passwords

When a user resets their password, they are signed out of Conjure everywhere, however their personal and OAuth application access tokens are not affected and remain valid.


  • Personal Access Tokens are prefixed with cnjrp_
  • OAuth Application Access Tokens are prefixed with cnjro_
  • OAuth Application Client Ids are prefixed with oci_
  • OAuth Application Secret Keys are prefixed with ocs_


A user can only have a maximum of 10 access tokens for the same application and scopes at any given time. If a request is made for an 11th access token from your app with the same scopes, the oldest token will automatically be revoked.


Conjure's API is GraphQL based. You can read more about it in Getting Started.


  • Authorization: Use this header for authenticating requests, with the value in the following format Bearer YOUR_ACCESS_TOKEN

  • X-Timezone-Offset: If you want to consider timezone on certain requests (eg creating a measurement), you may want to pass this header with the value being the timezone offset in seconds (eg UTC is 0, EST which is UTC−05:00 is -18000). If X-Timezone-Offset is not provided, the timezone on the user's profile will be used.

Webhooks & Events

Conjure's webhook API for receiving events (such as habit completions, new measurements, objective progression and so on) is still under development.