Skip to main content
The Sessionboard Public API supports two authentication methods:
  1. API Tokens — Long-lived tokens for server-to-server integrations and scripts
  2. OAuth 2.1 — For AI assistants (Claude, ChatGPT) and user-authorized connections
API tokens are scoped to your organization and can be generated from the Sessionboard admin dashboard.

Generate a Token

1

Open Organization Settings

Log in to the Sessionboard admin dashboard and navigate to Organization Settings from the sidebar.
2

Navigate to API Tokens

Select the API Tokens section within your organization settings.
3

Generate a New Token

Click Generate Token. Give the token a descriptive name and select the appropriate scopes for your use case.
4

Copy the Token

Copy the generated token immediately. For security reasons, the full token value is only displayed once. Store it securely in your application’s environment variables or secrets manager.

Using the Token

Include the token in the x-access-token header on every API request.
curl -X GET https://public-api.sessionboard.com/v1/events \
  -H "x-access-token: YOUR_TOKEN"
const response = await fetch('https://public-api.sessionboard.com/v1/events', {
  headers: {
    'x-access-token': 'YOUR_TOKEN'
  }
});

const data = await response.json();
import requests

response = requests.get(
    'https://public-api.sessionboard.com/v1/events',
    headers={'x-access-token': 'YOUR_TOKEN'}
)

data = response.json()
Keep your API tokens secure. Never commit tokens to source control, embed them in client-side code, or share them in public channels. If a token is compromised, revoke it immediately from the API Tokens settings page and generate a new one.

Token Scopes

API tokens can be granted specific scopes to control access:
ScopeTypeDescription
read:eventsReadAccess event data
read:sessionsReadAccess session data and list session file attachments
read:contactsReadAccess speaker and contact data
read:reportsReadAccess saved reports
read:dashboardsReadAccess dashboards
read:insightsReadAccess AI-powered insights and SbQL queries. Required for MCP.
read:transcriptionsReadAccess session transcriptions and recordings
read:mediaReadAccess uploaded media items and transcription status
write:sessionsWriteCreate, update, delete, and restore sessions; upload and manage session files
write:contactsWriteCreate, update, delete, and restore contacts
write:exhibitorsWriteCreate, update, delete, and restore exhibitors
write:sponsorsWriteCreate, update, delete, and restore sponsors
write:fieldsWriteCreate, update, and delete custom fields
write:metadataWriteCreate, update, and delete session metadata (rooms, tracks, etc.)
write:transcriptionsWriteCreate, update, and delete transcriptions and session recordings
write:mediaWriteUpload media files for automatic transcription
write:eventsWriteCreate, update, and delete agenda drafts, scheduling rules, personas, dashboards, widgets, and saved reports
Legacy tokens (empty scopes array) get all read scopes implicitly but do not get write access. When generating a token, select only the scopes your integration requires.Scoped read tokens must include the domain-specific read scope for each API area — for example, read:events alone does not grant access to transcription, media, or session file endpoints. Those require read:transcriptions, read:media, or read:sessions respectively.