Skip to main content
STR SquadSTR Squad

Build on STR Squad's API.

Pull properties, ingest events, and manage keys — programmatic access to every module.

Join the Pilot →

Public REST API

Versioned at /api/v1. All API-key endpoints expect a Authorization: Bearer … header and are rate-limited per key.

Authentication

Bearer tokens are issued from the dashboard. Each key has scoped permissions and an org-bound rate limit. Keys are SHA-256 hashed at rest — once revealed, they are shown once and never again.

Available scopes

read:propertiesread:eventswrite:eventsadmin

Endpoints

GET/api/v1/propertiesAPI Key

List properties for the authenticated organization. Paginated via ?page=1&limit=20 (max 100).

Scopes:read:properties
curl https://app.strsquad.com/api/v1/properties?page=1&limit=20 \
  -H "Authorization: Bearer strsq_live_..."
GET/api/v1/properties/[id]API Key

Fetch a single property by ID, scoped to the authenticated org.

Scopes:read:properties
curl https://app.strsquad.com/api/v1/properties/prop_abc123 \
  -H "Authorization: Bearer strsq_live_..."
GET/api/v1/eventsAPI Key

List domain events. Filter by ?module=&type= and paginate via ?page=1&limit=50.

Scopes:read:events
curl "https://app.strsquad.com/api/v1/events?module=guest-messaging&limit=50" \
  -H "Authorization: Bearer strsq_live_..."
POST/api/v1/eventsAPI Key

Ingest a custom event for downstream agent processing.

Scopes:write:events
curl -X POST https://app.strsquad.com/api/v1/events \
  -H "Authorization: Bearer strsq_live_..." \
  -H "Content-Type: application/json" \
  -d '{"module":"custom","eventType":"webhook.received","payload":{}}'
GET/api/v1/keysClerk Session

List API keys for the authenticated org. Admin operation — uses Clerk session, not Bearer token.

Scopes:admin
# Issued from the dashboard — see /admin/api-keys
POST/api/v1/keysClerk Session

Create a new API key with selected scopes. Returns the raw key once — store it securely.

Scopes:admin
# Issued from the dashboard — see /admin/api-keys
DELETE/api/v1/keys/[id]Clerk Session

Revoke an API key. Future requests using the key return 401.

Scopes:admin
# Revoked from the dashboard — see /admin/api-keys
GET/api/v1/openapiPublic

OpenAPI 3.1 specification — drop into Postman, Insomnia, or generate clients.

curl https://app.strsquad.com/api/v1/openapi

Generate your API key

Sign in to issue, scope, and revoke keys from /admin/api-keys.

Sign in

Plug STR Squad into your stack.

Webhooks, CRMs, internal dashboards — the API surface is everything our own admin uses.

Join the Pilot →