Authentication
All API requests require a Bearer token in the Authorization header.
Creating an API Key
- Go to Settings → API Keys in the ScendCore dashboard
- Click Create API Key
- Copy the key — it is shown only once
Using the Key
curl https://app.scendcore.com/api/v1/contacts \
-H "Authorization: Bearer sk_your_api_key_here" \
-H "Content-Type: application/json"Scopes
Each API key has specific scopes that control what it can access:
| Scope | Grants Access To |
|---|---|
contacts:read | GET /contacts |
contacts:write | POST /contacts, PATCH /contacts/:id |
opportunities:read | GET /opportunities |
opportunities:write | POST /opportunities, PATCH /opportunities/:id |
sequences:read | GET /sequences |
sequences:write | POST /sequences/enroll |
custom_fields:read | GET /custom-fields |
custom_fields:write | POST /custom-fields |
conversations:read | GET /conversations |
conversations:write | POST /conversations |
notes:write | POST /notes |
webhooks:write | GET/POST /webhooks/subscribe |
If a key lacks the required scope, the API returns 403 Forbidden.
Security
- API keys are SHA-256 hashed — the plaintext is never stored
- Every request is tenant-isolated — keys can only access their own tenant’s data
- Keys can be revoked instantly from Settings → API Keys
- All mutating calls are audit-logged with the key ID, endpoint, and timestamp
Last updated on