access_token and a real API response in your terminal.
Prerequisites
- A Vendaze account with at least one active workspace (create one free if you don’t have one)
curlavailable in your terminal
1. Register the app
Send a registration request with your app name, contact email, redirect URIs, and the scopes you need. This endpoint is public and requires no authentication.client_id and client_secret. Open the link within 15 minutes. The link expires and cannot be reopened.
Copy both values to a safe place before continuing.
2. Build the authorization URL
Build the authorization URL and open it in your browser. ReplaceYOUR_CLIENT_ID with the value you received.
state parameter should be a random string you generate. In production, store it in the session and verify it on the callback to prevent CSRF attacks.
3. Authorize and get the code
After opening the URL in your browser, you will:- Log in with your Vendaze account
- Select a workspace to connect
- Review the requested scopes
- Click “Authorize”
code value from the URL. It expires in 10 minutes and can only be used once.
4. Exchange the code for tokens
Send the code from your server. This request must never be made from the browser.What just happened
| Field | What it means |
|---|---|
access_token | A signed JWT that authorizes requests to the workspace. Include it as Authorization: Bearer <token> in every API call. Expires in 1 hour. |
refresh_token | A long-lived token used to get a new access_token without user interaction. Valid for 60 days from last use. Store this encrypted in your DB. |
token_type | Always Bearer. Tells you how to send the token in the Authorization header. |
expires_in | Seconds until the access_token expires. Always 3600. Use this to schedule proactive refreshes. |
workspace_slug | The slug of the workspace the user authorized. Use this to identify which workspace this token belongs to in your own data model. |
5. Retrieve a contact
Use theaccess_token to make your first real API call. Fetch a specific person by their UUID:
company, tags, lists, and custom_fields.
What to explore next
Custom Fields
Read and write workspace-defined custom fields on people, companies, and deals.
Errors
Understand error codes and build resilient error handling.
Webhooks
Receive real-time notifications when events occur in workspace data.
API Reference
Full endpoint reference with request and response schemas.