Authentication.

API Reference · Reference
01

API Keys

The simplest way to authenticate. Generate an API key under Settings → API → New Key. Include the key in every request as a header: Authorization: Bearer sk_live_YOUR_KEY. Keep keys secret: they have full account access.

02

OAuth2

For third-party apps that act on behalf of users, use OAuth2. The authorization endpoint is https://app.baseerat.app/oauth/authorize. After the user grants access, exchange the code for an access token at https://app.baseerat.app/oauth/token. Access tokens expire after 1 hour; use refresh tokens to get new ones.

03

Scopes

API keys have full access. OAuth2 tokens are scoped: contacts:read, contacts:write, deals:read, deals:write, pipelines:read, activities:read, activities:write, webhooks:manage. Request only the scopes your app needs.

04

Rate limiting

Standard plans: 1,000 requests per minute. Enterprise: 10,000 requests per minute. Rate limit headers are returned on every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset. If exceeded, you receive a 429 response.