Skip to main content
Developer API requests use bearer authentication. 
curl https://api.app.firstsales.io/api/v1/whoami \
  -H "Authorization: Bearer $FIRSTSALES_API_KEY"

API key behavior

  • Raw keys are shown once at creation time.
  • FirstSales stores only a hash and a display prefix.
  • Revoked keys stop working immediately.
  • Keys are bound to the creator’s organization membership.
  • If the creator loses access or is suspended, the key fails closed.

Access levels

Developer API keys have an access level:
  • workspace: can operate only workspace-scoped resources and requires a workspace target.
  • organization: can operate organization-scoped resources only with explicit organization scopes.
Wildcard scopes do not silently grant dangerous organization-admin powers.

Scopes

Use the narrowest scope set possible. Common scopes include:
  • campaigns:read, campaigns:write
  • contacts:read, contacts:write
  • inbox:read, inbox:write
  • connectors:read, connectors:write
  • billing:read, billing:write
  • api_keys:read, api_keys:write
  • members:read, members:write
  • groups:write
  • domains:read, domains:write

CLI auth order

The CLI resolves credentials in this order:
  1. --api-key
  2. FIRSTSALES_API_KEY
  3. Selected local profile
Use environment variables for CI and AI agents.