Authorization¶
The Gamma API uses OAuth 2.0 for authorization. It supports two OAuth 2.0 authorization flows:
Authorization Flows¶
Authorization Code Flow¶
This flow is used when consent from the user is required, such as when authenticating a user. This section describes how to use the authorization code flow with Gamma. For more details about the flow itself, see this article by Auth0.
Scopes¶
Client scopes are sent to Gamma in the authorization URL as the scope query
parameter. Scopes allow a client to access personal information of users.
Clients must use all scopes which they have, or else a
mismatched scopes error will be presented to
the user. All clients have the openid and profile scopes by default and the
email scope if the client was created with the
Include email scope option.
| Scope | Gives access to |
|---|---|
openid |
OpenID information like user ID and JWT properties. |
profile |
Profile information like CID and names. |
email |
The user's email. |
Client Credentials Flow¶
This section describes how to use the client credentials flow with Gamma. For more details about the flow itself, see this article by Auth0
The Client Credentials Flow uses an API key to authorize requests to Gamma
without a user having to log in. When a client is created with the
Generate api key option an API key is
generated. All API keys have an ID and a key which together are sent in the
Authorization header to authenticate the client. The API key is sent in the
following format:
Last modified on: 2026-04-10 16:32:25