Third Party Application Permissions

Updated on March 1, 2013 - What’s new »

There are many ways to access your Evernote account, including using applications published by Evernote as well as applications published by third party developers (“Third Party Applications”). This document will help you understand how such Third Party Applications access your Evernote account.

To start, it is important to note a Third Party Application needs your express permission in order to access your account. Evernote will not transfer your email address to a Third Party Application without your permission, and will never transfer your password to any Third Party Application.

Most Third Party Applications use a process called “OAuth” to obtain permission to access your account. The OAuth process allows you to authorize Evernote to give a specified Third Party Application a token which in turn allows the Third Party Application to access your account without needing your Evernote username and password.

Here’s how OAuth works: When the Third Party Application needs to access your Evernote account, it will direct you to Evernote's servers, where you will be prompted to log into your Evernote account with your Evernote username and password. This means that you are signing into your Evernote account on the Evernote system – you are not giving the Third Party Application your Evernote credentials. Then you will be shown the application's name, the period of time for which it will have access to your account and the permissions it will have to access your Evernote account. Next, you will be asked to authorize the application to access your account.

The screenshot below provides an example of what you will see, although it is important to note that not all applications will request each of the permissions listed below:

screenshot

If you click the "Decline" button on this page, you deny the application permission to access your Evernote account. If you click the "Authorize" button, you grant the application permission to access your Evernote account. The application's access will expire after the period of time indicated; and you can reduce the amount of time that the application will have access to your Evernote account by clicking on the "change" link next to the indicated time period. After the permission expires, the application will be unable to access your Evernote account until you reauthorize access by going through the OAuth process again.

If you have previously authorized the same application - by using the same mobile application on multiple devices, for example - you will be presented with the options to “Re-authorize” or “Revoke Access” instead of “Authorize” or “Decline”. If you click the “Re-authorize” button, you are re-authorizing the application’s permission to access your Evernote account for another period of time as indicated. If you click the “Revoke Access” button, you are revoking the application’s existing access to your Evernote account on all devices. The application will immediately lose access to your Evernote account.

You can view a list of applications that currently have access to your Evernote account using OAuth by visiting https://www.evernote.com/AuthorizedServices.action. From this page you may also revoke access to individual applications.

The individual permissions listed on the OAuth page indicate the type of access that an application will have to your account, as well as specifying the specific permissions that an application will not have. These permissions are described in detail below, but note that not all applications will request each of the permissions listed here:

  • Create notes, notebooks and tags. The application will be able to create new notes in your account, create new notebooks in your account, create new tags in your account and create new saved searches in your account.
  • Update notes, notebooks and tags. The application will be able to modify existing notes in your account, including moving notes to the trash. The application will not be able to permanently delete notes from your account (that is, empty the trash). The application will be able to modify existing notebooks in your account (e.g., rename a notebook or add it to a stack); existing tags in your account (e.g., rename the tag); and existing saved searches in your account (e.g., change the saved search query).
  • List notebooks and tags. The application will be able to obtain a list of the existing notebooks in your account, including the names of the notebooks and the names of the stacks that they are in. It also will be able to obtain a list of the existing tags in your account, including the names of the tags, and obtain a list of the existing saved searches in your account, including the names of the searches and the corresponding search queries.
  • Retrieve notes. The application will be able to read the content of existing notes in your account, including the note title, body and attachments, and other note attributes such as location information, if available.
  • Delete notebooks and tags. The application will be able to permanently delete existing notebooks from your account. Notes in these notebooks will be moved to the trash, but will not be permanently deleted (that is, the trash will not be emptied). The application also will be able to permanently delete existing tags from your account. Notes that were tagged with the deleted tag will be modified to remove the tag, but will not themselves be moved to the trash or permanently deleted. In addition, the application will be able to permanently delete existing saved searches from your account.
  • Permanently delete notes. The application will be able to permanently delete existing notes from your account (that is, empty the trash).
  • Access account information. The application will be able to read information about your Evernote account such as the email address that you used to register for Evernote. Third party applications that authenticate using OAuth do not request this permission.

NOTE: Applications with permission to both "Create notes, notebooks and tags" and "Update notes, notebooks and tags" will have the ability to share existing notebooks from your account using Evernote's "shared notebook" feature. They will also have the ability to make existing notes and notebooks publicly accessible.

Some applications, including some published by Evernote, as well as some published by third party developers, do not use OAuth. Instead, these Third Party Applications prompt you to provide your Evernote username and password and use them to authenticate to Evernote. By providing your Evernote username and password to an application, you are granting it permission to access your Evernote account. Once you have provided your Evernote username and password to an application, it may store those values and use them to access your Evernote account. Such applications must provide a button or link for you to log out of Evernote. When you log out, the application is no longer able to access your account. You may also cut off an application's access to your Evernote account by logging into Evernote from our website and changing your Evernote password. You may change your password at any time by visiting https://www.evernote.com/RChangePassword.action

When you provide your Evernote username and password to an application directly, please note that the application will be able to store this information as well as the email address that you used to register your Evernote account.

Regardless of how you authorize access, no Third Party Application will have access to your credit card or other payment information. In addition, neither Evernote nor any Third Party Application are able to decrypt encrypted portions of your notes unless you provide your encryption password to that application directly. Evernote neither stores not distributes your encryption password.

Finally, remember that if you believe that your Evernote account may have been accessed without your permission, you should immediately change your Evernote password as described above. Once you have changed your password, you should revoke the access of any application that you do not recognize or explicitly trust as described above. For additional help, please contact our Customer Support team.

turn Quantcast bizo turn pixel