Reference

Building Integrations with Vercel REST API

Learn how to use Vercel REST API to build your integrations and work with redirect URLs.
Table of Contents

See the following API reference documentation for how to use Vercel REST API to create integrations:

To use Vercel REST API, you need to authenticate with an access token that contains the necessary scope. You can then provide the API token through the Authorization header.

When you create an integration, you define a redirect URL that can have query parameters attached.

One of these parameters is the code parameter. This short-lived parameter is valid for 30 minutes and can be exchanged once for a long-lived access token using the following API endpoint:

terminal
{`POST https://api.vercel.com/v2/oauth/access_token`}

Pass the following values to the request body in the form of application/x-www-form-urlencoded.

KeyTypeRequiredDescription
client_idIDYesID of your application.
client_secretStringYesSecret of your application.
codeStringYesThe code you received.
redirect_uriStringYesThe Redirect URL you configured on the Integration Console.

The response of your code exchange request includes a team_id property. If team_id is not null, you know that this integration was installed on a team.

If your integration is installed on a team, append the teamId query parameter to each API request. See Accessing Resources Owned by a Team for more details.

Each installation of your integration is stored and tracked as a configuration.

Sometimes it makes sense to fetch the configuration in order to get more insights about the current scope or the projects your integration has access to.

To see which endpoints are available, see the Configurations documentation for more details.

If an owner(s) of an integration leaves the team that's responsible for the integration, the integration will be flagged as disabled. The team will receive an email to take action (transfer ownership) within 30 days, otherwise the integration will be deleted.

When integration configurations are disabled:

  • Any API requests will fail with a 403 HTTP status code and a code of integration_configuration_disabled
  • We continue to send project.created, project.removed and integration-configuration.removed webhooks, as these will allow the integration configuration to operate correctly when re-activated. All other webhook delivery will be paused
  • Log drains will not receive any logs

Deployments made with Vercel are grouped into Projects. This means that each deployment is assigned a name and is grouped into a project with other deployments using that same name.

Using the Vercel REST API, you can modify Projects that the Integration has access to. Here are some examples:

When building a Vercel Integration, you may want to expose an API token or a configuration URL for deployments within a Project.

You can do so by Creating a Project Environment Variable using the API.

Environment Variables created by an Integration will

display the Integration's logo

.

When creating integrations the following scopes can be updated within the Integration Console:

Write permissions are required for both project and domain when updating the domain of a project.

ScopeDescription
integration-configurationInteract with the installation of your integration
deploymentInteract with deployments
deployment-checkVerify deployments with Checks
edge-configCreate and manage Edge Configs and their tokens
projectAccess project details and settings
project-env-varsCreate and manage integration-owned project environment variables
global-project-env-varsCreate and manage all account project environment variables
teamAccess team details
userGet information about the current user
log-drainCreate and manage log drains to forward logs
domainManage and interact with domains and certificates. Write permissions are required for both project and domain when updating the domain of a project.

Create and manage integration-owned project environment variables.

Access team details.

Get information about the current user.

ActionEndpoints

Read

Create and manage log drains to forward logs.

As the Vercel REST API evolves, you'll need to update your scopes based on your integration's endpoint usage.

Confirming Scope changes.
Confirming Scope changes.

Additions and upgrades always require a review and confirmation. To ensure this, every affected user and team owner will be informed through email to undergo this process. Please make sure you provide a meaningful, short, and descriptive note for your changes.

Scope removals and downgrades won't require user confirmation and will be applied immediately to confirmed scopes and pending requested scope changes.

User and Teams will always confirm all pending changes with one confirmation. That means that if you have requested new scopes multiple times over the past year, the users will see a summary of all pending changes with their respective provided note.

Once a user confirms these changes, scopes get directly applied to the installation. You will also get notified through the new integration-configuration.scope-change-confirmed event.

When using the Vercel REST API with Integrations, you might come across some errors which you can address immediately.

To avoid CORS issues, make sure you only interact with the Vercel REST API on the server side.

Since the token grants access to resources of the Team or Personal Account, you should never expose it on the client side.

For more information on using CORS with Vercel, see How can I enable CORS on Vercel?.

Ensure you are not missing the teamId query parameter. teamId is required if the integration installation is for a Team. Ensure the Scope of Your Access Token is properly set.

Last updated on July 16, 2024