The Conga Composer API uses the following features for security:

  • Uses SSL (HTTPS) to ensure all data is secure. Calls made over plain HTTP will fail.
  • Uses API Key to validate API users. API requests without authentication will fail.

Configuring Composer API Settings

To use Conga Composer API, you must first generate your Client ID and your Client Secret.

  1. Login to the Conga Platform.
  2. Navigate to Org Management > Conga API Connections > Add API to API Connection.
  3. Select External Identifier
  4. Click Save and Generate Client Secret.


At Conga, we value the security of our customers’ data more than anything else. Authenticating for Composer REST APIs requires a Client ID and Client Secret to connect your API solution to Conga Composer API. 

Generate Conga Authentication Access Token

The Auth Access Token API call returns the Conga-access-token, which will be used to authorize the API call.

  • HTTP Method: POST

  • Endpoint:

  • Required Headers: Content-Type: application/x-www-form-urlencoded
  • Post Body:

    grant_type ‘client_credentials’
    client_id <<Client ID provided after onboarding>>
    client_secret<<Client Secret provided after onboarding>>
  • Sample Response:

        "access_token": "eyJh………… ",
        "expires_in": 3600,
        "token_type": "Bearer",
        "scope": "doc-gen.composer"


Composer Platform APIs use the following as their production environment endpoints:

Preview Environment Endpoints:


Conga Composer uses standard HTTP response codes to indicate the success or failure of an API request. Below are some example response codes:

200Successful Operation
204No Content
400Invalid Data
422Validation Error
500Internal Server Error