Skip to main content
HMRC Developer Hub

Your feedback (opens in new tab) will help us to improve this service.

  1. Home
  2. Documentation

Authorisation

Introduction

Our APIs use three types of endpoints. Each type has its own access level, authorisation token and authorisation process. The type you use depends on the data the endpoint provides.

Endpoint types and tokens

Use the table to identify the correct token for each endpoint access type.

Endpoint access level Required authorisation token
Open access No token
Application-restricted OAuth 2.0 access_token
Generated using OAuth 2.0 Client Credentials Grant

Using server_token is now deprecated.
User-restricted OAuth 2.0 access_token
Generated using OAuth 2.0 Authorization Code Grant
Is this page not working properly? (opens in new tab)