Skip to main content
Leaf connects to Raven using OAuth 2.0 credentials. Once connected, Leaf syncs grower, farm, and field data for the Leaf user. This is separate from Raven Slingshot, which uses API key credentials for machine file ingestion.

Prerequisites

  1. A Raven developer account with OAuth application credentials.
  2. Your application’s clientId and clientSecret from Raven.
  3. A grower’s refreshToken obtained through the Raven OAuth 2.0 consent flow.

Credentials schema

FieldTypeRequiredDescription
clientIdstringYesYour Raven application client ID.
clientSecretstringYesYour Raven application client secret.
refreshTokenstringYesThe grower’s OAuth refresh token.

Endpoints

MethodPathDescription
GET/users/{leafUserId}/raven-credentialsGet stored credentials.
POST/users/{leafUserId}/raven-credentialsCreate credentials.
DELETE/users/{leafUserId}/raven-credentialsDelete credentials.
GET/users/{leafUserId}/raven-credentials/eventsGet credential events for troubleshooting.
Base URL: https://api.withleaf.io/services/usermanagement/api

Create credentials

curl -X POST \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "clientId": "your-client-id",
    "clientSecret": "your-client-secret",
    "refreshToken": "grower-refresh-token"
  }' \
  'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/raven-credentials'

Response

{
  "id": "uuid",
  "status": "str",
  "createdTime": "2026-01-15T12:00:00.000000Z",
  "clientId": "your-client-id",
  "clientSecret": "your-client-secret",
  "accessToken": "str",
  "refreshToken": "grower-refresh-token"
}

Troubleshooting

Use the events endpoint to check credential health. Events are retained for 30 days and are deleted when the credential is removed. 
GET /users/{leafUserId}/raven-credentials/events

What to do next

Last modified on March 19, 2026