API authentication changes: access_token query parameter sunset

We will be sunsetting the option to authenticate API requests with the access_token query parameter this year. Instead, API requests should be authenticated via the Authorization: Bearer header.

To help our developers plan for and test against this update, we will be deploying this change to Sandbox on January 12, 2022 during our scheduled maintenance window (starting 3:00 PM PST). After this time, any requests still using the access_token query parameter for authentication will return a 401 Unauthorized response.

We will sunset the access_token query parameter for Production environments February 28, 2022. Please test your apps in Sandbox to ensure they are unaffected by this change before then.

For more information about sunsetting a query parameter, refer to Change is Coming: API Authentication.


Did this page help you?