We take security — yours and ours — seriously. To make API requests, you need to authenticate to the Upwork API. Currently, we support OAuth 2.0 authentication. All API requests must be signed following the RFC 6749 specification.
The OAuth protocol enables websites or applications (sometimes called “clients”) to access protected resources from a web service (server) via an API, without requiring resource owners to disclose their service provider credentials to the clients. For more information on the OAuth process, visit the OAuth 2.0 Guide.
Note that OAuth Request tokens expire in 24 hours. You can refresh the token every two weeks or less. Once the Access token is created, it never expires.
For each application you develop, you need to obtain new client credentials (API key and secret). You can request these credentials while logged into your Upwork account.
For more details on authentication and security please refer to our API public documentation.