Authentication
Authenticate with the Product Hunt API using OAuth 2.0. Choose between user authentication for user-specific access or client-only authentication for public data.
Authentication methods
The Product Hunt API supports two OAuth 2.0 authentication flows:
- User authentication - Get a token on behalf of a user to access user-specific data and perform actions on behalf of the user.
- Client-only authentication - Get a token without user context for server-to-server integrations and public data access.
User authentication flow
User authentication allows your application to access user-specific data and perform actions on behalf of the user. This flow requires the user to grant permission.
Step 1: Request authorization
Redirect the user to the OAuth authorize endpoint:
https://api.producthunt.com/v2/oauth/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=YOUR_REDIRECT_URI&
response_type=code&
scope=public+private
| Parameter | Description |
|---|---|
| client_id | Your application's client ID from the API dashboard |
| redirect_uri | The URL where the user will be redirected after granting permission |
| response_type | Must be code |
| scope | Space-separated list of scopes: public, private, write |
Step 2: Handle the redirect
After the user grants permission, they are redirected to your redirect_uri with an authorization code:
https://your-app.com/callback?code=AUTHORIZATION_CODE
Step 3: Exchange code for token
Exchange the authorization code for an access token by making a POST request to the token endpoint:
curl -X POST https://api.producthunt.com/v2/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "redirect_uri=YOUR_REDIRECT_URI" \
-d "code=AUTHORIZATION_CODE" \
-d "grant_type=authorization_code"
The response includes your access token:
{
  "access_token": "YOUR_ACCESS_TOKEN",
  "token_type": "Bearer",
  "expires_in": 86400
}
Step 4: Use the token
Add the access token to the Authorization header of your API requests:
curl https://api.producthunt.com/v2/api/graphql \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query": "{ viewer { id name } }"}'
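The following is an added example, not code from the Product Hunt documentation: it builds the Step 1 URL with an anti-CSRF `state` value, validates the Step 2 redirect before trusting the code, and prepares the Step 3 form body. The `state` parameter is standard OAuth 2.0 (RFC 6749) and is assumed to be echoed back by the authorize endpoint, since the page does not list it; the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://api.producthunt.com/v2/oauth/authorize"


def build_authorize_url(client_id, redirect_uri, scopes=("public",)):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # urlencode renders the space as '+'
        "state": state,  # assumption: not listed on the page (RFC 6749)
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Return the authorization code, or raise ValueError for a bad redirect."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time compare. A missing or mismatched state means this
    # redirect was not started by the current session, so drop the code.
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request_form(client_id, client_secret, redirect_uri, code):
    """Form body for the POST to the token endpoint (Step 3)."""
    return urlencode({
        "client_id": client_id,
        "client_secret": client_secret,  # load from env or a secrets manager
        # RFC 6749 section 4.1.3: required when the authorize request sent one
        "redirect_uri": redirect_uri,
        "code": code,
        "grant_type": "authorization_code",
    })
```

Discard the stored `state` after one use so a replayed callback URL is rejected.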
Client-only authentication flow
Client-only authentication allows your application to access public data without user context. This is useful for server-to-server integrations and accessing public data before a user logs in.
Step 1: Request a client token
Make a POST request to the token endpoint with your client credentials:
curl -X POST https://api.producthunt.com/v2/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "grant_type=client_credentials"
The response includes your access token:
{
  "access_token": "YOUR_ACCESS_TOKEN",
  "token_type": "Bearer",
  "expires_in": 86400
}
Step 2: Use the token
Add the access token to the Authorization header of your API requests:
curl https://api.producthunt.com/v2/api/graphql \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query": "{ products { edges { node { id name } } } }"}'
Client-only tokens only have access to public endpoints. You cannot access user-specific data with a client-only token.
Developer token
For quick scripts and testing, you can use a developer token. Developer tokens are linked to your account, don't expire, and can be used immediately without going through the OAuth flow.
To generate a developer token:
- Visit the API dashboard.
- Click Create an application.
- Fill in your application details.
- Copy your developer token.
Use the developer token in your API requests:
curl https://api.producthunt.com/v2/api/graphql \
-H "Authorization: Bearer YOUR_DEVELOPER_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query": "{ viewer { id name } }"}'
API scopes
When requesting user authentication, you can request specific scopes to limit your application's access:
| Scope | Description |
|---|---|
| public | Access public information on Product Hunt (default) |
| private | Access user-specific data like goals and preferences |
| write | Perform actions on behalf of the user |
By default, all applications have the public scope. To request private or write access, contact hello@producthunt.com with details about your use case.
Error handling
If authentication fails, the API returns an error response:
{
  "errors": [
    {
      "message": "Invalid access token"
    }
  ]
}
Common authentication errors:
| Error | Cause | Solution |
|---|---|---|
| Invalid access token | Token is expired or malformed | Generate a new token |
| Unauthorized | Token doesn't have required scope | Request additional scopes |
| Invalid client credentials | Client ID or secret is incorrect | Check your API dashboard |
Never commit your client secret or access tokens to version control. Use environment variables or a secrets manager to store sensitive credentials.
See also
- API overview, introduction to the Product Hunt API
- Rate limits, understand API rate limiting