## Authentication

All CRM API endpoints require authentication via Bearer token.

### Authorization Header

```
Authorization: Bearer <jwt_token>
```
### Required Scopes

| Scope | Description |
|---|---|
| crm:read | Read profiles, timeline, notes |
| crm:write | Create/update profiles, add notes |
| crm:admin | Merge profiles, manage segments |
| crm:campaigns | Manage campaigns and journeys |
| crm:social | Manage social connections and posts |
## Multi-Tenancy

All requests must include a tenantId. This is typically extracted from the JWT token or passed as a query parameter.

```
GET /api/v1/customers?tenantId=tenant_123
```
## Rate Limits
| Endpoint Type | Limit |
|---|---|
| Read operations | 1000/minute |
| Write operations | 100/minute |
| Campaign execution | 10/minute |
| Social publishing | 30/minute |
| Bulk operations | 10/minute |
Rate limit headers are included in responses:

```
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1734184800
```
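The scope check, the tenantId resolution from the Multi-Tenancy section and the rate-limit headers above, as an added example that is not part of this API's own code. It assumes the verified JWT payload carries a `tenantId` claim and a space-separated `scope` claim (neither claim name is stated on this page), and that signature verification has already happened upstream.

```python
"""Added example: request authorization and rate-limit handling for the CRM API.

Assumed (not given on the page): JWT claims `tenantId` and `scope`
(space-separated), already signature-verified before reaching this code.
"""
from urllib.parse import parse_qs, urlparse


def resolve_tenant(claims, url):
    """Return the tenant a request is allowed to act on, or None.

    The page allows the tenantId to come from the token or the query string.
    When both are present they must agree; otherwise a token issued for one
    tenant could be replayed against another tenant's data just by changing
    the query parameter.
    """
    query_tenant = parse_qs(urlparse(url).query).get("tenantId", [None])[0]
    token_tenant = claims.get("tenantId")  # assumed claim name
    if token_tenant is None:
        return query_tenant  # no tenant in the token: fall back to the query parameter
    if query_tenant is not None and query_tenant != token_tenant:
        return None  # mismatch: refuse rather than pick either side
    return token_tenant


def authorize(claims, required_scope, url):
    """Return (True, tenant) when the request may proceed, else (False, reason)."""
    granted = set(claims.get("scope", "").split())  # assumed claim name
    if required_scope not in granted:
        return False, f"missing scope {required_scope}"
    tenant = resolve_tenant(claims, url)
    if tenant is None:
        return False, "tenantId missing or does not match token"
    return True, tenant


def seconds_until_reset(headers, now):
    """Client side: seconds to wait before retrying, from the X-RateLimit-* headers.

    `now` is a Unix timestamp; X-RateLimit-Reset is treated as one too, since
    the sample value on the page (1734184800) is in that form.
    """
    if int(headers["X-RateLimit-Remaining"]) > 0:
        return 0
    return max(0, int(headers["X-RateLimit-Reset"]) - now)
```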