How to make OUATH call

I am trying to code a pack that will integrate with my school’s SIS via it’s API.
It uses OUATH2 (with an ID, secret, and scopes) and it returns a bearer token that is used in subsequent data calls.

I can’t figure out which authentication method to use. The API does not use an authentication URL but that seems to be a required parameter to use Oauth??
Current code is below. It compiles but when added to a doc asks for authentication but it should not require that as that is handled via the secret and id (which are configured in that Pack settings) on the API side (it has no username and password).

import * as coda from “@codahq/packs-sdk”;
export const pack = coda.newPack();

type: coda.AuthenticationType.OAuth2,
authorizationUrl: “Veracross”,
tokenUrl: “”,
scopes: [“master_attendance:list”],
additionalParams: {
grant_type: “client_credentials”,


Hi @Keith_Lowry - Sounds like a fun project! The sort of OAuth you are describing sounds like the “client credentials” flow. It’s a flavor of OAuth that doesn’t require the user to click “approve” in a dialog, you just immediately exchange the secrets for a token.

At the moment we don’t support this type of OAuth flow. However, we have an engineer building it right now! I can’t say for sure when it will be ready, but I would guess in the order of a few weeks. If you can wait that long, that would be the easiest solution. If you need to get something worker sooner I have some workarounds you could employ.

I can wait. I also dont mind trying some workarounds in the interim just in case…umm… just in case :wink:

I describe the current workaround here:

An important caveat is that Custom authentication requires approval from Coda, using this form. We’ve granted exceptions for client credentials OAuth in the past, but given that we’re working on it now I’m not sure team would rather have you just wait until it’s released.

I got tied up in other things last week so didn’t file the form. I’ll wait a week or so and see if the engineers finish the Oauth changes. Thanks!

1 Like

@Eric_Koleda Just seeing if there is any update yet?

Hi @Keith_Lowry - Sorry for not reaching out sooner. The new OAuth2ClientCredentials authentication type is now available:

Please give it a shot and let me know if it works for you.