Building Integrations with Vercel REST API
Learn how to use Vercel REST API to build your integrations and work with redirect URLs.See the following API reference documentation for how to use Vercel REST API to create integrations:
- Creating a Project Environment Variable
- Forwarding Logs using Log Drains
- Create an Access Token
- Interacting with Teams
- Interacting with Configurations
- Interacting with Vercel Projects
To use Vercel REST API, you need to authenticate with an access token that contains the necessary scope. You can then provide the API token through the Authorization header.
When you create an integration, you define a redirect URL that can have query parameters attached.
One of these parameters is the code parameter. This short-lived parameter is valid for 30 minutes and can be exchanged once for a long-lived access token using the following API endpoint:
{`POST https://api.vercel.com/v2/oauth/access_token`}Pass the following values to the request body in the form of application/x-www-form-urlencoded.
| Key | Type | Required | Description |
|---|---|---|---|
| client_id | ID | Yes | ID of your application. |
| client_secret | String | Yes | Secret of your application. |
| code | String | Yes | The code you received. |
| redirect_uri | String | Yes | The Redirect URL you configured on the Integration Console. |
The response of your code exchange request includes a team_id property. If team_id is not null, you know that this integration was installed on a team.
If your integration is installed on a team, append the teamId query parameter to each API request. See Accessing Resources Owned by a Team for more details.
Each installation of your integration is stored and tracked as a configuration.
Sometimes it makes sense to fetch the configuration in order to get more insights about the current scope or the projects your integration has access to.
To see which endpoints are available, see the Configurations documentation for more details.
If an owner(s) of an integration leaves the team that's responsible for the integration, the integration will be flagged as disabled. The team will receive an email to take action (transfer ownership) within 30 days, otherwise the integration will be deleted.
When integration configurations are disabled:
- Any API requests will fail with a
403HTTP status code and acodeofintegration_configuration_disabled - We continue to send
project.created,project.removedandintegration-configuration.removedwebhooks, as these will allow the integration configuration to operate correctly when re-activated. All other webhook delivery will be paused - Log drains will not receive any logs
Deployments made with Vercel are grouped into Projects. This means that each deployment is assigned a name and is grouped into a project with other deployments using that same name.
Using the Vercel REST API, you can modify Projects that the Integration has access to. Here are some examples:
When building a Vercel Integration, you may want to expose an API token or a configuration URL for deployments within a Project.
You can do so by Creating a Project Environment Variable using the API.
Environment Variables created by an Integration will
display the Integration's logo
.
When creating integrations the following scopes can be updated within the Integration Console:
Write permissions are required for both
project and domain when updating
the domain of a project.
| Scope | Description |
|---|---|
| integration-configuration | Interact with the installation of your integration |
| deployment | Interact with deployments |
| deployment-check | Verify deployments with Checks |
| edge-config | Create and manage Edge Configs and their tokens |
| project | Access project details and settings |
| project-env-vars | Create and manage integration-owned project environment variables |
| global-project-env-vars | Create and manage all account project environment variables |
| team | Access team details |
| user | Get information about the current user |
| log-drain | Create and manage log drains to forward logs |
| domain | Manage and interact with domains and certificates. Write permissions are required for both project and domain when updating the domain of a project. |
Interact with an installation of your integration.
| Action | Endpoints |
|---|---|
Read | |
Read/Write |
Interact with deployments.
| Action | Endpoints |
|---|---|
Read | |
Read/Write |
Verify deployments with Checks.
Create and manage Edge Configs and their tokens.
| Action | Endpoints |
|---|---|
Read | |
Read/Write |
Access project details and settings.
| Action | Endpoints |
|---|---|
Read | |
Read/Write |
Create and manage integration-owned project environment variables.
| Action | Endpoints |
|---|---|
Read/Write |
Create and manage all account project environment variables.
| Action | Endpoints |
|---|---|
Read/Write |
Create and manage log drains to forward logs.
| Action | Endpoints |
|---|---|
Read/Write |
Manage and interact with domains and certificates.
| Action | Endpoints |
|---|---|
Read | |
Read/Write |
As the Vercel REST API evolves, you'll need to update your scopes based on your integration's endpoint usage.
Additions and upgrades always require a review and confirmation. To ensure this, every affected user and team owner will be informed through email to undergo this process. Please make sure you provide a meaningful, short, and descriptive note for your changes.
Scope removals and downgrades won't require user confirmation and will be applied immediately to confirmed scopes and pending requested scope changes.
User and Teams will always confirm all pending changes with one confirmation. That means that if you have requested new scopes multiple times over the past year, the users will see a summary of all pending changes with their respective provided note.
Once a user confirms these changes, scopes get directly applied to the installation. You will also get notified through the new integration-configuration.scope-change-confirmed event.
When using the Vercel REST API with Integrations, you might come across some errors which you can address immediately.
To avoid CORS issues, make sure you only interact with the Vercel REST API on the server side.
Since the token grants access to resources of the Team or Personal Account, you should never expose it on the client side.
For more information on using CORS with Vercel, see How can I enable CORS on Vercel?.
Ensure you are not missing the teamId query parameter. teamId is required if the integration installation is for a Team.
Ensure the Scope of Your Access Token is properly set.
Was this helpful?