Leaf connects to John Deere Operations Center using OAuth 2.0. Once connected, Leaf syncs fields, machine files, and field operations for the Leaf user.

Prerequisites

  1. A John Deere developer account. Register here.
  2. An application registered in the My Applications portal with the appropriate scopes and redirect URIs configured. Make sure Webhook Read and Webhook Write permissions are enabled under Operations Center - Webhook — this allows Leaf to receive real-time data notifications instead of relying solely on polling.
  3. Your application’s clientKey and clientSecret from John Deere.
  4. A grower’s refreshToken obtained through the John Deere OAuth 2.0 consent flow.
John Deere accounts can span multiple organizations. By default, Leaf syncs data from all organizations the account has access to. Use the organizationDataSync configuration to limit this to specific organizations.

Setup steps

  1. Complete the John Deere OAuth 2.0 flow to obtain a refreshToken for the grower’s account.
  2. POST the credentials to Leaf:
curl -X POST \
    -H 'Authorization: Bearer YOUR_TOKEN' \
    -H 'Content-Type: application/json' \
    -d '{
      "clientKey": "your-client-key",
      "clientSecret": "your-client-secret",
      "refreshToken": "grower-refresh-token",
      "clientEnvironment": "PRODUCTION"
    }' \
    'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/john-deere-credentials'
  3. Leaf validates the token and begins syncing. Check credential status with GET /users/{leafUserId}/john-deere-credentials.

Credentials schema

Create request body:
| Field | Type | Required | Description |
|---|---|---|---|
| clientKey | string | Yes | Your application’s client key from John Deere |
| clientSecret | string | Yes | Your application’s client secret |
| refreshToken | string | Yes | The grower’s OAuth refresh token |
| clientEnvironment | string | Yes | STAGE or PRODUCTION |
Response:
{
  "id": "uuid",
  "status": "str",
  "createdTime": "yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'",
  "tokenMetadata": {"scopes": ["str"]},
  "clientKey": "str",
  "clientSecret": "str",
  "accessToken": "str",
  "refreshToken": "str",
  "clientEnvironment": "PRODUCTION"
}
The status field reflects the current health of the credential. If Leaf detects during background processing that the credential is no longer valid, the status changes accordingly.

Endpoints

Base URL: https://api.withleaf.io/services/usermanagement/api
| Action | Method | Path |
|---|---|---|
| Get credentials | GET | /users/{leafUserId}/john-deere-credentials |
| Create credentials | POST | /users/{leafUserId}/john-deere-credentials |
| Delete credentials | DELETE | /users/{leafUserId}/john-deere-credentials |
| Get credential events | GET | /users/{leafUserId}/john-deere-credentials/events |

Troubleshooting

Use the events endpoint to inspect credential health:
curl -X GET \
    -H 'Authorization: Bearer YOUR_TOKEN' \
    'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/john-deere-credentials/events'
Each event includes a body, headers, statusCode, and createdDate.
Event logs are retained for 30 days. Once the credential is deleted or disassociated from the Leaf user, the logs are no longer available.
Common issues:
  • Status changes to invalid: The grower may have revoked access in John Deere Operations Center, or the refresh token expired. Have the grower re-authorize through the OAuth flow.
  • Missing organizations: If expected data isn’t appearing, check whether organizationDataSync is set to SELECTED_ONLY and verify the correct organizations are selected.
  • STAGE vs. PRODUCTION mismatch: Make sure clientEnvironment matches the environment your John Deere app is registered in.
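The credentials response echoes clientSecret, accessToken, and refreshToken in clear text, so anything that logs it or the credential events during troubleshooting should redact first. The following is an added example, not Leaf's code: it assumes event headers are a name-to-value mapping, statusCode is numeric, and createdDate sorts as an ISO 8601 string; all sample values are constructed.

```python
import json

# Fields the documented credentials response returns in clear text.
SECRET_FIELDS = {"clientSecret", "accessToken", "refreshToken"}
# Assumption: event headers are a name -> value mapping and may carry these.
SECRET_HEADERS = {"authorization", "cookie", "set-cookie"}

def mask(value):
    """Keep only the last 4 characters so log lines can still be correlated."""
    text = str(value)
    return "***" + text[-4:] if len(text) > 8 else "***"

def redact_credentials(resp):
    """Return a copy of a credentials response that is safe to log."""
    return {k: mask(v) if k in SECRET_FIELDS else v for k, v in resp.items()}

def failed_events(events):
    """Return events with statusCode >= 400, oldest first, headers redacted."""
    failed = []
    for ev in events:
        if int(ev.get("statusCode", 0)) < 400:
            continue
        headers = {k: mask(v) if k.lower() in SECRET_HEADERS else v
                   for k, v in (ev.get("headers") or {}).items()}
        failed.append({**ev, "headers": headers})
    return sorted(failed, key=lambda ev: ev.get("createdDate", ""))

# Constructed sample data shaped like the documented fields (not real output).
SAMPLE_CREDENTIALS = {
    "id": "00000000-0000-0000-0000-000000000000",
    "clientKey": "constructed-client-key",
    "clientSecret": "constructed-client-secret-0001",
    "accessToken": "constructed-access-token-0002",
    "refreshToken": "constructed-refresh-token-0003",
    "clientEnvironment": "STAGE",
}
SAMPLE_EVENTS = [
    {"statusCode": 200, "createdDate": "2026-03-01T09:00:00Z", "body": "",
     "headers": {"Content-Type": "application/json"}},
    {"statusCode": 401, "createdDate": "2026-03-03T09:00:00Z", "body": "",
     "headers": {"Authorization": "Bearer constructed-token-abcd"}},
    {"statusCode": 400, "createdDate": "2026-03-02T09:00:00Z", "body": "",
     "headers": {}},
]

if __name__ == "__main__":
    print(json.dumps(redact_credentials(SAMPLE_CREDENTIALS), indent=2))
    for ev in failed_events(SAMPLE_EVENTS):
        print(ev["createdDate"], ev["statusCode"], ev["headers"])
```

The event body is passed through unchanged here; treat it as sensitive too if it can contain token responses.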

Last modified on March 19, 2026