To make API requests, you need to authenticate to Upwork API. Currently, we support OAuth 1.0 authentication. All API requests MUST be signed following the RFC 5849 specification.
The OAuth protocol enables websites or applications (sometimes called “clients”) to access protected resources from a web service (server) via an API, without requiring resource owners to disclose their service provider credentials to the clients. For more information on the OAuth process, visit Beginner’s Guide to OAuth and the OAuth 1.0 Guide.
Note that OAuth Request token expires in 600 sec. Once the Access token is created it never expires.
For each application you develop, you need to obtain new client credentials (API key and secret). You can request these credentials here while logged into your Upwork account.
For more details on authentication and security please refer to our API public documentation.