Updated on March 1, 2013
There are many ways to access your Evernote account, including using applications published by Evernote as well as applications published by third party developers (“Third Party Applications”). This document will help you understand how such Third Party Applications access your Evernote account.
To start, it is important to note a Third Party Application needs your express permission in order to access your account. Evernote will not transfer your email address to a Third Party Application without your permission, and will never transfer your password to any Third Party Application.
Most Third Party Applications use a process called “OAuth” to obtain permission to access your account. The OAuth process allows you to authorize Evernote to give a specified Third Party Application a token which in turn allows the Third Party Application to access your account without needing your Evernote username and password.
Here’s how OAuth works: When the Third Party Application needs to access your Evernote account, it will direct you to Evernote's servers, where you will be prompted to log into your Evernote account with your Evernote username and password. This means that you are signing into your Evernote account on the Evernote system – you are not giving the Third Party Application your Evernote credentials. Then you will be shown the application's name, the period of time for which it will have access to your account and the permissions it will have to access your Evernote account. Next, you will be asked to authorize the application to access your account.
If you click the "Decline" button on this page, you deny the application permission to access your Evernote account. If you click the "Authorize" button, you grant the application permission to access your Evernote account. The application's access will expire after the period of time indicated; and you can reduce the amount of time that the application will have access to your Evernote account by clicking on the "change" link next to the indicated time period. After the permission expires, the application will be unable to access your Evernote account until you reauthorize access by going through the OAuth process again.
If you have previously authorized the same application - by using the same mobile application on multiple devices, for example - you will be presented with the options to “Re-authorize” or “Revoke Access” instead of “Authorize” or “Decline”. If you click the “Re-authorize” button, you are re-authorizing the application’s permission to access your Evernote account for another period of time as indicated. If you click the “Revoke Access” button, you are revoking the application’s existing access to your Evernote account on all devices. The application will immediately lose access to your Evernote account.
You can view a list of applications that currently have access to your Evernote account using OAuth by visiting https://www.evernote.com/AuthorizedServices.action. From this page you may also revoke access to individual applications.
The individual permissions listed on the OAuth page indicate the type of access that an application will have to your account, as well as specifying the specific permissions that an application will not have. These permissions are described in detail below, but note that not all applications will request each of the permissions listed here:
NOTE: Applications with permission to both "Create notes, notebooks and tags" and "Update notes, notebooks and tags" will have the ability to share existing notebooks from your account using Evernote's "shared notebook" feature. They will also have the ability to make existing notes and notebooks publicly accessible.
Some applications, including some published by Evernote, as well as some published by third party developers, do not use OAuth. Instead, these Third Party Applications prompt you to provide your Evernote username and password and use them to authenticate to Evernote. By providing your Evernote username and password to an application, you are granting it permission to access your Evernote account. Once you have provided your Evernote username and password to an application, it may store those values and use them to access your Evernote account. Such applications must provide a button or link for you to log out of Evernote. When you log out, the application is no longer able to access your account. You may also cut off an application's access to your Evernote account by logging into Evernote from our website and changing your Evernote password. You may change your password at any time by visiting https://www.evernote.com/secure/SecuritySettings.action
When you provide your Evernote username and password to an application directly, please note that the application will be able to store this information as well as the email address that you used to register your Evernote account.
Regardless of how you authorize access, no Third Party Application will have access to your credit card or other payment information. In addition, neither Evernote nor any Third Party Application are able to decrypt encrypted portions of your notes unless you provide your encryption password to that application directly. Evernote neither stores not distributes your encryption password.
Finally, remember that if you believe that your Evernote account may have been accessed without your permission, you should immediately change your Evernote password as described above. Once you have changed your password, you should revoke the access of any application that you do not recognize or explicitly trust as described above. For additional help, please contact our Customer Support team.