Connecting securely to SafetyCulture's API

The API requires an authorization token for each request. A token can be generated from your SafetyCulture account.


Please note that API tokens expire after 30 days of inactivity, at which point you would need to generate a new token to use. If a token is used to make API requests within that period, then it would not expire unless it's made invalid from new tokens.

Once you've obtained a token, it needs to be passed in the Authorization header on requests to the API. For example, Authorization: Bearer b7f8f791...f26e554d.

The SafetyCulture API uses OAuth 2.0 as the means of authorization for individual requests. The initial authorization uses the Resource Owner Password Credentials Grant method and currently doesn't support any other flows.

The token used by the API is a Bearer token. It should be considered as a "personal access token" that you control yourself, for your own SafetyCulture account. A pre-registered client ID and secret are not required to create an authorization token.