For Client-Side Applications

Harvest uses the Implicit Grant flow for client-side authorization.

1. Redirect users to Harvest to authorize their accounts with your application.

GET{client ID}&

To limit access to a single Harvest account, you can specify a specific web address in place of

2. Get the access token when Harvest redirects back to your application. Harvest sends it to your redirect URI as a hash parameter.

GET{access token}&expires_in=64799&state=optional-csrf-token&token_type=bearer

3. Use the access token to send authorized requests to the Harvest API.

Note: the Content-Type and Accept headers for this request must be application/json or application/xml.

GET{access token}