Workspaces
Vendaze is a multi-workspace platform. A single account can belong to multiple workspaces, like a consultant working across several clients or a company with multiple business units. When a user authorizes your app via OAuth, they choose one specific workspace to connect. All operations made with that token belong exclusively to that workspace.You never send any workspace identifier in requests. The workspace context is embedded in the
access_token at authorization time and resolved automatically by the API on every call.Authentication model
The Vendaze API uses OAuth 2.1 Authorization Code flow withclient_secret. Your app:
- Registers with Vendaze to receive a
client_idandclient_secret - Redirects users to authorize access to their workspace
- Receives an
access_token(valid for 1 hour) and arefresh_token(valid for 60 days) - Includes the
access_tokenas a Bearer token in every request
Scopes
Scopes define what your app can do. You declare the required scopes when registering the app. On the consent screen, the user sees the full list of requested scopes and can only approve or deny access in full. Individual scope selection is not possible.| Scope | Access |
|---|---|
people:read | Read contacts (people) |
people:write | Create, update, delete people |
companies:read | Read companies |
companies:write | Create, update, delete companies |
deals:read | Read deals |
deals:write | Create, update, delete deals |
tasks:read | Read tasks |
tasks:write | Create, update, delete tasks |
activities:read | Read activities |
activities:write | Create, delete activities |
products:read | Read products |
products:write | Create, update, delete products |
tags:read | Read tags |
tags:write | Create, update, delete tags |
lists:read | Read lists |
lists:write | Create, update, delete lists |
custom_fields:read | Read custom field definitions |
custom_fields:write | Create, update, delete custom fields |
webhooks:manage | Create, read, update, and delete webhooks |
Resource IDs
All IDs in the Vendaze API are UUIDs in string format:Dates and times
All timestamps are ISO 8601 UTC strings:422 error.
Monetary values
Price fields likeprice_cts are integers representing the amount in cents:
19900 represents 199,00 in BRL). Your app is responsible for conversion and display formatting. This approach eliminates floating-point rounding issues and is consistent across all currencies.
Soft delete
Resources like people, companies, and deals support soft delete. When deleted via the API, the record is marked as deleted internally but not permanently removed from the database. From your integration’s perspective, the behavior is transparent:DELETE /v1/people/:idreturns204and the record becomes inaccessibleGET /v1/people/:idfor a deleted record returns404
Response envelope
Every Vendaze API response follows the same format:error. A non-2xx response always contains error. Never check for errors inside a successful response body.