Authentication
All API requests require authentication via an API key passed in the Authorization header.
Header Format
Authorization: Bearer kshw_xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxKey Format
API keys follow this format:
kshw_<8-char tenant prefix>_<32 random chars>
Rate Limits
Rate limits depend on your plan:
| Plan | Requests/Hour | Writes/Day |
|---|---|---|
| Free | 100 | 50 |
| Pro | 500 | 200 |
| Max | 1000 | 500 |
| Business | 2000 | 1000 |
Error Responses
// 401 — Invalid or missing API key
{ "detail": "Invalid API key" }
// 403 — Insufficient scope
{ "detail": "Scope 'crm:write' required" }
// 429 — Rate limit exceeded
{ "detail": "Rate limit exceeded. Try again in 42 seconds." }