Authentication

The Sessionboard Public API supports two authentication methods:

API Tokens — Long-lived tokens for server-to-server integrations and scripts
OAuth 2.1 — For AI assistants (Claude, ChatGPT) and user-authorized connections

API Tokens
OAuth 2.1

API tokens are scoped to your organization and can be generated from the Sessionboard admin dashboard.

Generate a Token

Open Organization Settings

Navigate to API Tokens

Select the API Tokens section within your organization settings.

Generate a New Token

Click Generate Token. Give the token a descriptive name and select the appropriate scopes for your use case.

Copy the Token

Copy the generated token immediately. For security reasons, the full token value is only displayed once. Store it securely in your application’s environment variables or secrets manager.

Using the Token

Include the token in the x-access-token header on every API request.

curl -X GET https://public-api.sessionboard.com/v1/events \
  -H "x-access-token: YOUR_TOKEN"

Keep your API tokens secure. Never commit tokens to source control, embed them in client-side code, or share them in public channels. If a token is compromised, revoke it immediately from the API Tokens settings page and generate a new one.

Token Scopes

API tokens can be granted specific scopes to control access:

Scope	Type	Description
`read:events`	Read	Access event data
`read:sessions`	Read	Access session data
`read:contacts`	Read	Access speaker and contact data
`read:reports`	Read	Access saved reports
`read:dashboards`	Read	Access dashboards
`read:insights`	Read	Access AI-powered insights and SbQL queries. Required for MCP.
`write:sessions`	Write	Create, update, delete, and restore sessions
`write:contacts`	Write	Create, update, delete, and restore contacts
`write:exhibitors`	Write	Create, update, delete, and restore exhibitors
`write:sponsors`	Write	Create, update, delete, and restore sponsors
`write:fields`	Write	Create, update, and delete custom fields
`write:metadata`	Write	Create, update, and delete session metadata (rooms, tracks, etc.)
`write:events`	Write	Create, update, and delete agenda drafts, scheduling rules, personas, dashboards, widgets, and saved reports

Legacy tokens (empty scopes array) get all read scopes implicitly but do not get write access. When generating a token, select only the scopes your integration requires.

For AI assistants like Claude and ChatGPT, Sessionboard supports OAuth 2.1 with PKCE. This allows users to authorize AI tools to access their event data through a secure consent flow.See the full OAuth 2.1 guide for setup instructions, token exchange, and available scopes.Quick overview:

Users authorize via a consent page at appv2.sessionboard.com/oauth/consent
Tokens are issued by public-api.sessionboard.com/oauth/token
Access tokens expire after 1 hour, refresh tokens after 7 days
Tokens inherit the authorizing user’s permissions (dynamic — changes take effect immediately)

# Using an OAuth access token
curl https://public-api.sessionboard.com/v1/events \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Getting Started

Guides

Insights & AI

Generate a Token

Using the Token

Token Scopes

Getting Started

Guides

Insights & AI

Documentation Index

​Generate a Token

​Using the Token

​Token Scopes

Generate a Token

Using the Token

Token Scopes