API Data Provider - Online Help

Connecting to Harvest

To authenticate to Harvest, you can use either Token authentication or the OAuth standard. Use Basic authentication to connect to your own data. Use OAuth to allow other users to connect to their data.

Using Token Authentication

To use Token Authentication, set the APIKey to your Harvest Personal Access Token in the ProfileSettings connection property. In addition to APIKey, set your AccountId in ProfileSettings to connect.

Example connection string

Profile=C:\profiles\Harvest.apip;ProfileSettings='APIKey=my_personal_key;AccountId=_your_account_id';

Using OAuth Authentication

First, register an OAuth2 application with Harvest. The application can be created from the "Developers" section of Harvest ID.

After setting the following connection properties, you are ready to connect:

  • ProfileSettings: Set your AccountId in ProfileSettings.
  • AuthScheme: Set this to OAuth.
  • OAuthClientId: Set this to the client ID that you specified in your app settings.
  • OAuthClientSecret: Set this to the client secret that you specified in your app settings.
  • CallbackURL: Set this to the Redirect URI that you specified in your app settings.
  • InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to manage how the driver obtains and refreshes the OAuthAccessToken.

Example connection string

Profile=C:\profiles\Harvest.apip;ProfileSettings='AccountId=_your_account_id';Authscheme=OAuth;InitiateOAuth=GETANDREFRESH;OAuthClientId=your_client_id;OAuthClientSecret=your_client_secret;CallbackUrl=your_callback_url;

Connection Properties

The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider.


Property Description
AccountId Your Harvest Account ID.
APIKey Your Harvest Personal Access Token.
AuthScheme The scheme used for authentication. Accepted entries are None or OAuth.
Allowed values are: BASIC, NONE, NTLM, OAUTH, APIKEY, OAUTH_CLIENT
CallbackURL Identifies the URL users return to after authenticating to API via OAuth (Custom OAuth applications only).
InitiateOAuth Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working.
Allowed values are: OFF, REFRESH, GETANDREFRESH
OAuthAccessToken Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange.
OAuthClientId Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication.
OAuthClientSecret Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. (Custom OAuth applications only.).
OAuthExpiresIn Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working.
OAuthRefreshToken Specifies the OAuth refresh token used to request a new access token after the original has expired.
OAuthSettingsLocation Specifies the location of the settings file where OAuth values are saved.
OAuthTokenTimestamp Displays a Unix epoch timestamp in milliseconds that shows how long ago the current access token was created.
OAuthVerifier Specifies a verifier code returned from the OAuthAuthorizationURL . Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set.
Scope Scope(s) to use when authenticating, that control access to specific information.

Copyright (c) 2026 CData Software, Inc. - All rights reserved.
Build 26.0.9655.0