All applications submitted to the Onshape App Store (Onshape Apps) must follow the instructions on the API Guide: OAuth2 page and use OAuth2 for authorization. Automation scripts (or applications not meant for the Onshape App Store) may use either OAuth2 or API Keys for authentication. OAuth2 allows applications to call Onshape APIs on behalf of the users of the application; API keys will only perform operations on behalf of the Onshape user who generated the API keys.

For more information on working with Onshape applications, please see the Onshape API Developer Documentation.

To navigate to your Developer settings in Onshape, click on your Account user icon (Account user icon) in the top right corner of your Onshape window. This opens a dropdown menu. Click My account.

Click Developer in the list on the left side of the page:

My Account: Developer

API keys are a useful way create small applications meant for personal use, allowing developers to avoid the overhead of the OAuth workflow.

API keys are used to authenticate an application, not its users. (OAuth2 authenticates an application and users of the application by ensuring the users are authorized to access Onshape.)

Once you create an API key, it is valid only in the stack on which it was created. An API key created on your company stack (i.e., companyName.onshape.com) will not function on the production stack (cad.onshape.com). Administrators can also manage API keys for users in their company: see Company/Classroom/Enterprise settings - Developer.

Viewing API keys

  1. Click API keys on the Developer page.
  2. View all your previously-created API keys.
    API keys listed in the developer screen

Creating API keys

  1. Click Create new API key.
    Create new API key screen
  2. Provide a name for the API key in the Name field.
  3. Choose the permissions for the keys. See Permission scopes below.
  4. Click the Create API key button.

  5. In the pop-up window, copy the API key and secret key shown, save them somewhere, then click the Close button.

    You will not be able to find the secret key again, so save it somewhere safe!

    Secret key shown to user

Deleting API keys

  1. Click the "X" icon to the right of the API key you wish to delete.
  2. Confirm that you want to delete this API key. This action cannot be undone. Click Delete to confirm.
    Deleting an api key

The following permission scopes are available when creating OAuth applications:

  • Application can read your profile information (OAuth2ReadPII) - Check to allow the application access to information on your profile.

  • Application can read your documents (OAuth2Read) - Check to allow the application read access to your documents.

  • Application can write to your documents (OAuth2Write) - Check to allow the application write access to your documents.

  • Application can delete your documents and workspaces (OAuth2Delete) - Check to allow the application access to delete your documents and workspaces.

  • Application can request purchases on your behalf (OAuth2Purchase) - Check to allow the application the ability to make purchase for you.

  • Application can share and unshare documents on your behalf (OAuth2Share) -  Check to allow the application the ability to share and unshare your documents.