Authentication

The API uses Bearer token authentication via Laravel Sanctum.

Generating a Token

  1. Go to Settings > API Integration in the CRM dashboard
  2. Enter a name for the token (e.g. “SAP Integration”)
  3. Select the permissions you want to grant
  4. Optionally set an expiry date
  5. Click Generate
  6. Copy the token immediately — it won’t be shown again

Using the Token

Include the token in the Authorization header of every request:
curl -H "Authorization: Bearer 1|abc123def456..." \
     https://<your-domain>/api/v2/crm/customers

Permissions

Each token is created with specific permissions that control what it can access:
Permission       Description
customer:read    View customer list and details
Tokens without the required permission for an endpoint will receive a 403 response.

Token Management

  • Tokens can be revoked at any time from Settings > API Integration
  • Each token shows its last used time and expiry date
  • Revoked tokens are immediately invalidated

Rate Limiting

All API requests are rate limited to 60 requests per minute per user. When the limit is exceeded, you’ll receive a 429 response with a Retry-After header.
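
A client-side sketch of the behaviour described above, added here as an example and not taken from the CRM's own code: it sends the Bearer header, stops immediately on 403, and waits for the Retry-After interval on 429. The function names and the CRM_API_URL / CRM_API_TOKEN environment variables are assumptions made for the example.

```python
import email.utils
import time
import urllib.error
import urllib.request


def retry_after_seconds(value, now=None, default=1.0):
    """Retry-After is either delta-seconds or an HTTP-date."""
    value = (value or "").strip()
    if value.isdigit():
        return float(value)
    try:
        when = email.utils.parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return default  # header missing or unparseable
    now = time.time() if now is None else now
    return max(0.0, when.timestamp() - now)


def http_send(url, token):
    """Real transport: one GET, returns (status, headers, body)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def get_with_backoff(url, token, send=http_send, sleep=time.sleep, max_tries=4):
    """GET with Bearer auth; wait out 429s, fail fast on 403."""
    for _ in range(max_tries):
        status, headers, body = send(url, token)
        if status == 403:
            # Token lacks the endpoint's permission: retrying cannot help.
            raise PermissionError("HTTP 403: token lacks the required permission")
        if status != 429:
            return status, body
        hdrs = {k.lower(): v for k, v in headers.items()}
        # The limit is per minute, so cap the wait at 60 s.
        sleep(min(retry_after_seconds(hdrs.get("retry-after")), 60.0))
    raise RuntimeError("still rate limited after %d tries" % max_tries)


if __name__ == "__main__":
    import os
    # Assumed variable names; reading the token from the environment
    # keeps it out of source files and shell history.
    print(get_with_backoff(os.environ["CRM_API_URL"], os.environ["CRM_API_TOKEN"])[0])
```

The send and sleep parameters exist so the retry logic can be exercised with a stub transport instead of a live endpoint.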