Key types
Secret keys — gt_live_
Full server-side keys. Use only from your backend, never in a browser. Gated
by the workspace’s API-v1 entitlement.
Publishable keys — gt_pub_
Client-safe, write-only keys for browser ingest. Origin-pinned and
CORS-enabled, with only the
write:ingest scope. Safe to ship in front-end code.Scopes
Each key is granted a set of scopes. A request needs the scope its endpoint requires, or it returns403 Insufficient scope. A key with the * scope passes any check.
| Endpoint | Method | Required scope |
|---|---|---|
/companies, /companies/{id} | GET | read:companies |
/companies, /companies/{id} | POST, PATCH | write:companies |
/contacts, /contacts/{id} | GET | read:contacts |
/contacts, /contacts/{id} | POST, PATCH, DELETE | write:contacts |
/signals, /signals/{id} | GET | read:signals |
/signals, /signals/batch, /signals/{id} | POST, PATCH, DELETE | write:signals |
/webhooks, /webhooks/{id} | GET | read:webhooks |
/webhooks, /webhooks/{id}, /webhooks/{id}/test | POST, PATCH, DELETE | write:webhooks |
/events | POST | write:events or write:ingest |
/metric-events | POST | write:events |
read:revenue, read:health, read:deals).
Errors
| Status | Meaning |
|---|---|
401 | Missing Authorization header, or an expired, revoked, or invalid key. |
403 | The key lacks the required scope, or API v1 is not enabled for the workspace. |
429 | The key’s rate limit was exceeded. Back off and retry. |