Help Center
Premium Features


Notejoy offers an OAuth 2.0 RESTful JSON API for select partners and customers.

Obtaining API Access

Please contact the Notejoy team detailing your specific use case for Notejoy's API in order to gain access.


Notejoy implements the industry-standard OAuth 2.0 protocol for authentication. The following details Notejoy's OAuth 2.0 endpoints. Your app will be issued its own Client ID and Client Secret that can be used to complete the authentication flow.

Requesting authorization

Redirect the end user to the following url in order to allow the user to grant your application access to their Notejoy account. If the user is not currently logged in, they'll first be prompted to login or signup for Notejoy. Once logged in, they will then be asked to grant access to your application.



Parameter Required Description
client_id Required Your app's Client ID
redirect_uri Required The url to redirect to after successful authorization. This url will include an authorization code parameter as well as a state parameter if you provided it. Must match the redirect_uri registered with Notejoy.
scope Required Space-separated list of required scopes from the following list: read_all, write_all. Must match the scope registered with Notejoy.
state Any optional state that you want to be passed to you in the redirect_uri.

Obtaining an access token

Once the user has completed the authorization flow and the user has been redirected back to your server via the redirect_uri, you can then make a server-side POST request to the following URL with the code you received from the redirect to obtain an access token for that user.



Parameter Required Description
code Required The authorization code you received as a parameter in the redirect after user authorization
client_id Required Your app's Client ID
client_secret Required Your app's Client Secret
redirect_uri Required The redirect uri you used in the authorization request. Must match the redirect_uri registered with Notejoy.


Key Description
access_token The long-lived access token you can use to make API requests on behalf of the user.
expires Timestamp of when the access token expires.

Making API requests

Once you've obtained the long-lived access token for the user, you should store it securely in your server with the same level of security you store user passwords. You can then use this access token to make API requests on behalf of the user.

When making API requests, include the following authorization header:

Authorization: Bearer [access_token]



Returns an index of every note the authenticated user has access to. This includes both personal notes as well as notes in shared libraries.


Parameter Required Description
include_url "true" if you would like to receive each note's url in the response


Returns a notes list with the following attributes for each note.

Key Description
id The note's unique id.
notebook_id The id of the notebook this note belongs to.
title The title of the note.
url The url of the note.