Skip to main content
The HoopAI Platform API uses OAuth 2.0 for authentication. All API requests must include a valid Bearer access token obtained through the Authorization Code flow.

How it works

1

Register a Marketplace app

Create an app in the HoopAI Marketplace to receive your client_id and client_secret.
2

Redirect user to authorize

Send the user to the authorization URL with the scopes your app needs.
3

Exchange code for tokens

After the user authorizes, exchange the code for an access token and refresh token.
4

Call the API

Include the access token as a Bearer token in every API request.

Required headers

Every API request must include these two headers: 
Authorization: Bearer <access_token>
Version: 2021-07-28
The Version header pins the API to a stable version. Always send 2021-07-28.

Token lifetime

TokenLifetime
Access token24 hours
Refresh tokenDoes not expire (revoked on re-auth)
Refresh your access token before it expires using the token endpoint — see Authorization for details.

Response fields

Every API response includes a traceId field — a unique identifier for the request. Include it when filing support tickets or debugging issues. 
{
  "traceId": "e4b90b80-5a39-11ef-8d8a-0242ac120002",
  "data": { ... }
}

Rate limits

ScopeLimit
Per sub-account100 requests / 10 seconds
Token endpoint5 requests / minute
When you exceed a limit, the API returns 429 Too Many Requests. Use exponential backoff.

Next steps

Authorization flow

Step-by-step guide to obtaining tokens

Scopes reference

Full list of available permission scopes
Last modified on March 4, 2026