REST API
When the native integrations do not quite fit, drop down to the API.
A modern JSON-over-HTTPS API. Bearer-token auth, idempotent writes via Idempotency-Key headers, sensible rate limits, cursor-based pagination, and a published OpenAPI spec. Anything the dashboard does, the API can do.
API surface, at a glance.
Resources
Affiliates, programs, conversions, commissions, payouts, integrations, audit log. Every dashboard surface has a 1:1 endpoint.
Bearer-token auth
Programmatic API keys with scoped permissions. Rotate without downtime. Per-key rate limits.
Idempotent writes
Pass an `Idempotency-Key` header on POSTs; HeldSway dedupes retries within 24 hours. Network blips don't double-create.
Cursor pagination
Stable cursor-based pagination for large lists. No offsets that drift when records change underneath you.
OpenAPI 3.1 spec
Published spec at `docs.heldsway.com/api/openapi.json`. Generates client SDKs in Go, Python, TS, Ruby, etc.
Sandbox environment
A dedicated `sandbox.heldsway.com` mirror with seeded test data. Build and break things without touching production.
How to connect
First request in three minutes.
- 01
Generate an API key
In your HeldSway dashboard → Settings → API Keys → Create. Pick scopes (read-only, conversion-write, payout-write, admin).
- 02
curl the health endpoint
curl -H "Authorization: Bearer $KEY" https://api.heldsway.com/v1/me → {"workspace":"…","plan":"basic"}.
- 03
Build something
Use the OpenAPI spec to generate a typed client, or call endpoints directly. Webhooks complement the API for push-style events.
API conventions
- HTTPS only
- JSON request/response
- Bearer token auth
- Idempotency-Key on POST/PUT
- 1000 req/min default rate limit
- OpenAPI 3.1
- Cursor pagination
- Versioned at /v1
Pairs naturally with
Build whatever HeldSway does not.
API access included on every Standard plan and above. Sandbox is free during trial.