This page will help you get started with Penbox CONNECT.


Penbox is an API first platform, built on a set of RESTful interfaces, providing programmatic access to much of the data in the ecosystem. Which means that everything you see in our apps can be replicated in your tools and apps via our APIs.

As we are dedicated to make developers successful using Penbox, we have therefore designed a specific API Gateway CONNECT that even further facilitates the creation and management of requests and other Penbox resources.

Our API accepts JSON in request bodies and returns JSON content in all of its responses, including error and uses standard HTTP response codes, authentication, and verbs.

Only the UTF-8 character encoding is supported for both requests and responses.

The CONNECT API can be used to access your own Penbox workspaces, but can also be used by partners to authenticate on behalf of users and perform actions using standard oAuth2 flows.

Get a Penbox account

To start using our API, you need to make sure you have a Penbox account. If you don't, please create one by visiting our app and hit the "sign up" link below the login modal. The process to create your workspace should be simple 😆

Once your account is created you'll be able to request credentials for authentication.


All API requests must be made over HTTPS and be authenticated. Calls made over plain HTTP will fail. API requests without authentication will also fail.

As a user

For testing purposes, or if you don't need to connect multiple users between your systems and Penbox, you can simply visit and get a token dedicated to a specific workspace.

Token validity

You are able to define a validity period for the token you generate between 1h up to 5 years.

Prefer using a short expiry date when generating token for testing purposes.

If stored in the confidentials settings of your app, prefer using long expiry date to reduce maintenance operations.

As a partner (oAuth2)

If you plan to enable your users to connect to their own Penbox account via standard oAuth2, please visit this page