The Grain Public API is still in beta. Developer access is limited to select partners. Please reach out to support for more questions.
Grain supports two methods for authentication: OAuth2 for developers building 3rd-party integrations and Personal Access Tokens (currently limited to Enterprise tier) for internal workspace usage. Personal Access Tokens can be obtained here for users with sufficient access.
This authentication method is for developers building integrations with Grain to be used by any Grain users. The API supports a standard OAuth2 Authorization Code flow, including the PKCE extension for client-side only authentication. A redirect URI prefix is required to register a new client. For browser-based client applications, a list of CORS origins can also be added.
Obtain the client_id and client_secret (only for server-side applications) credentials.
Open the url https://grain.com/_/public-api/oauth2/authorize with the following query params:
client_idredirect_uri - must be prefixed by the registered redirect URI prefix.response_type - must be code.code_challenge - only required for client-side applications. A random string hashed with SHA256 and base64 URL encoded.code_challenge_method - only required for client-side applications. Must be S256.If the user is not already signed in to Grain, they will be prompted to sign in.
Once signed in, the user will be redirected to redirect_uri from step 2 with the code query param.
Make a POST request to https://api.grain.com/_/public-api/oauth2/token with the following params:
grant_type - must be authorization_codeclient_id