Technical Reference: API v3 & Security

The SALESmanago API allows developers to extend the platform's functionality and integrate with virtually any third-party software.

Authentication Mechanism

All API v3 requests require a JSON header for authentication.

Required Credentials

  1. Client ID: Your unique account identifier.
  2. API Secret: A 32-character string used to sign requests.
  3. Owner Email: The email address of the account administrator.

Request Format

curl -X POST https://app.salesmanago.com/api/v3/contact/upsert \
     -H "Content-Type: application/json" \
     -d '{
           "apiKey": "YOUR_API_KEY",
           "apiSecret": "YOUR_SECRET",
           "owner": "admin@domain.com",
           "contact": { "email": "dev@example.com" }
         }'

Security Best Practices

  • Rotate Secrets: We recommend changing your API secret every 90 days.
  • Server-to-Server: Never call the API from the frontend (client-side) as it exposes your apiSecret.
  • Error Handling: Always handle 503 (Service Unavailable) errors by retrying the request after a short delay that grows with each attempt (exponential backoff).
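
The server-to-server and error-handling practices above, combined in an added example (not SALESmanago's own code): credentials are read from the server's environment, and only a 503 response is retried, with capped exponential backoff and jitter. The environment variable names, function names, retry count and delay values are assumptions; the URL and body fields are those of the request above.

```python
import json
import os
import random
import time
import urllib.error
import urllib.request

UPSERT_URL = "https://app.salesmanago.com/api/v3/contact/upsert"  # from the request above


def build_payload(contact_email, env=os.environ):
    """Build the JSON body on the server; credentials never reach browser code."""
    # The environment variable names are assumptions made for this example.
    return {
        "apiKey": env["SALESMANAGO_API_KEY"],
        "apiSecret": env["SALESMANAGO_API_SECRET"],
        "owner": env["SALESMANAGO_OWNER"],
        "contact": {"email": contact_email},
    }


def http_post(url, payload, timeout=10):
    """POST JSON and return (status, body); HTTP error statuses are returned, not raised."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def backoff_delays(retries, base=1.0, cap=30.0):
    """Upper bound of each wait in seconds: base * 2**n, capped."""
    return [min(cap, base * 2 ** n) for n in range(retries)]


def post_with_backoff(payload, send=http_post, sleep=time.sleep,
                      retries=4, base=1.0, cap=30.0):
    """Send once, then retry only while the status is 503, up to `retries` times."""
    status, body = send(UPSERT_URL, payload)
    for bound in backoff_delays(retries, base, cap):
        if status != 503:
            break  # success or a non-retryable error: hand it to the caller
        sleep(random.uniform(0, bound))  # jitter keeps workers from retrying in lockstep
        status, body = send(UPSERT_URL, payload)
    return status, body
```

Server code calls `post_with_backoff(build_payload("dev@example.com"))`; if the last retry still returns 503, that status is returned so the caller can log or queue the request.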

Security Warning

Exposing your apiSecret in client-side JavaScript can lead to unauthorized access to your entire database. Always keep API interactions on the server side.

Rate Limits

Plan           Limit
Professional   1,000 requests / hour
Enterprise     10,000 requests / hour
Custom         Tailored to your needs