Some doubts regarding the creation of a simple addon

Hello! I am creating a simple addon for clockify that requires the clockify API and I have encountered several questions that I could not resolve with the documentation.

  1. Can the token inserted as search param in the iframe be obtained only with the addon installed? How can I get that token for testing and local development, for example using postman?

  2. Why doesn’t the API allow me to use that token? I’ve gotten responses like: “API is not accessible (401)”, “Addon with id does not have permission USER_READ (401)”.

  3. If permissions are missing, how can I add them? I don’t want to send the addon for review until I have it halfway ready.

  4. I have only been able to use the api through an API KEY, but I don’t want it to only work that way but through the addon token.

  5. I have seen on forums that they use instead of What is the difference?

  6. Is there a way to see the changes to the addon’s UI without having to run “docker compose build…” every time?

  7. How can I test the addon in my personal account? Can it only be used in test accounts until it is published? Can I create an addon for personal use only without publishing it?

  8. What is reviewed in the review process?


Hi SwaXTech!

  1. yes, to get an addon token the user needs to have the addon installed on the workspace. For testing/development purposes an API key can be used (it appears the user is already using it on #4)

  2. they need to define the scopes inside the manifest, the manifest schema lists the available scopes

  3. same as #2 above

  4. they can develop the addon with the API key, and once they implement support for storing/retrieving the addon token they can make the switch. The header name will need to be changed from x-api-key to x-addon-token. They will also need to consider the permissions the addon token will have, and the type of the addon token they will be using (user addon token which acts on behalf of the user, or the installation addon token which has full access on the workspace)

  5. is testing environment used to test the add-ons.

  6. if they are using any of the java examples they can try directly building and running the addon without involving docker. They can also work on and build it on a mounted docker volume but that would be more of a hassle

  7. Add-on’s can’t be tested in the personal accounts. Currently it can only be used in the test accounts and it’s not possible to publish it for personal use yet.

  8. In the review process the functionality of the add-on is checked along with the scopes required and listing.

I hope that helps. Let us know if you need anything else.

1 Like

Thanks for your quick response! I am going to continue developing the Addon and if I have more questions I will ask them here.

Thank you!