Skip to main content
Before your app can authenticate Vendaze users, you need to register it. Registration is open to any developer with no approval process. Your credentials arrive by email within seconds.
Don’t have a Vendaze account yet? Create one free. New accounts include a 14-day trial so you can build and test your integration before requesting access from real users.
Each email address can only be associated with one registered app. If you need to update your app’s name, redirect URIs, or rotate credentials, use the rotate app endpoint instead of registering again.

What you need

  • A valid email address to receive the credentials (one app per email address)
  • At least one HTTPS redirect URI for your OAuth callback
  • A decision on which scopes your integration needs

Register via API

Send a POST to /v1/auth/register-app:
curl -X POST https://api.vendaze.com/v1/auth/register-app \
  -H "Content-Type: application/json" \
  -d '{
    "app_name": "My Integration",
    "email": "dev@yourapp.com",
    "description": "Syncs contacts and deals between Vendaze and MyApp",
    "avatar_url": "https://yourapp.com/assets/logo.webp",
    "redirect_uris": ["https://yourapp.com/oauth/callback"],
    "scopes": ["people:read", "people:write", "deals:read"]
  }'
Response (201):
{
  "data": {
    "app_name": "My Integration",
    "client_id": "9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d",
    "avatar_url": "https://storage.vendaze.com/assets/integrations/myintegration.jpg",
    "message": "Credentials sent by email."
  }
}
If the email address is already associated with a registered app, the request is rejected: Response (409):
{
  "error": {
    "code": "conflict",
    "message": "An app is already registered with this email address.",
    "request_id": "01966b3e-7c2a-7000-8f1e-4d3b2a1c0e9f"
  }
}
To update an existing app or rotate its credentials, use the rotate app endpoint with your client_id and registered email. Your client_secret is sent only by email and never returned in the API response. Store it securely as soon as you receive it.

Request parameters

ParameterTypeRequiredDescription
app_namestringYesIntegration name shown to users on the consent screen. Max 100 chars.
emailstringYesEmail where credentials will be sent. Each address can only be associated with one registered app.
descriptionstringNoShort description of what your app does. Max 500 chars.
avatar_urlstringNoHTTPS URL of your app logo. Accepted formats: JPEG, PNG, WebP, GIF, BMP, TIFF. Max 2MB.
redirect_urisstring[]YesOne or more HTTPS URIs for the OAuth callback. Exact match required.
scopesstring[]YesScopes your app needs. The user sees the full list on the consent screen and approves or denies everything at once.
The avatar_url in the response is always a https://storage.vendaze.com URL.

Redirect URIs

URIs must be exact HTTPS URLs. Wildcards and patterns are not accepted:
Accepted:  https://yourapp.com/oauth/callback
Accepted:  https://yourapp.com/integrations/vendaze/callback
Rejected:  https://yourapp.com/oauth/*
Rejected:  http://yourapp.com/callback
During local development, http://localhost and http://127.0.0.1 are accepted. You can register multiple redirect URIs for different environments. At authorization time, the redirect_uri in the request must exactly match one of the registered URIs.

Available scopes

ScopeDescription
people:readRead contacts (people)
people:writeCreate, update, delete people
companies:readRead companies
companies:writeCreate, update, delete companies
deals:readRead deals
deals:writeCreate, update, delete deals
tasks:readRead tasks
tasks:writeCreate, update, delete tasks
activities:readRead activities
activities:writeCreate, delete activities
products:readRead products
products:writeCreate, update, delete products
tags:readRead tags
tags:writeCreate, update, delete tags
lists:readRead lists
lists:writeCreate, update, delete lists
custom_fields:readRead custom fields and their values
custom_fields:writeCreate, update, delete custom fields
Requesting a scope during registration does not guarantee access will be granted. On the consent screen, the user sees all requested scopes and can only approve or deny access in full. Individual scope selection is not possible.
Your client_secret is shown only once, in the email you receive after registration. If you lose it, you can rotate your credentials using your client_id and registered email. Never commit it to version control or include it in client-side code.

Next step

With your client_id and client_secret, you are ready to implement the OAuth flow. See Authentication to authorize your first user, or Rotate app credentials if you need to update your app later. Once your integration is fully built and live, you can apply for the Verified badge to have your app listed in the Vendaze marketplace and marked as trusted on the consent screen.