The Height API is a REST API accessible through HTTPs. All endpoints return JSON-encoded responses and uses standard HTTP response codes and verbs.


You should authenticate using OAuth if any of these are true:

Use the API key when developing internal tools for your own workspace.

API calls authenticated with this key will act on behalf of a Height bot and will only have access to resources available to all members in the workspace.


OAuth provides a way for external applications to access Height’s API primarily as a bot user with access to member permissions.

Height uses the authorization code grant flow (see the OAuth2 spec ) in which an application should send the user to Height’s authorization endpoint to ask for permission to access their Height workspace. If granted, the app will receive a redirect with a code that can be exchanged for an access token. This token can be used in the Authorization header to make Height API calls on behalf of the user.

Check out our documentation:

OAuth Apps on Height

API key

The Height API uses API keys to authenticate requests. You can view your API key in the Height settings under API.

Authentication to the API is performed via the Authorization header. All API requests should be made over HTTPs.