Authentication

The Marketplace API is predominantly open and does not require authentication for standard integrations.

In contrast, the HQ API is significantly more restricted and mandates authentication for all endpoints. Authentication is handled exclusively via OAuth 2.0, which is suitable for both user-level and system-level access, depending on the integration needs.

Whether you're developing a private integration for internal use or a public extension intended for distribution through the app store, OAuth 2.0 is the sole supported method of authenticating with the HQ API. This ensures a consistent, secure, and standards-based approach to authorization across all integration types.

The following section details the OAuth 2.0 flow and outlines specific use cases and implementation guidelines.