API Reference
Authentication
API key authentication, scopes, and rate limiting.
All external API endpoints require API key authentication and live under /v1/ext/.
Creating an API key
- Go to Settings → Company Settings → API Keys
- Click "Create API Key"
- Name your key (e.g., "Zapier Integration", "Internal Script")
- Copy the key. It is only displayed once and cannot be retrieved later.
Using your API key
Include the key in the x-api-key header with every request:
curl -H "x-api-key: YOUR_API_KEY" \
https://slate.zerulean.com/v1/ext/items
Scopes
Each API key has scopes that control what it can access:
items:read | List and get items |
items:write | Create and update items |
tasks:read | List and get tasks |
tasks:write | Create and update tasks |
hooks:manage | Subscribe/unsubscribe REST hooks |
New keys are created with all scopes by default.
Rate limits
- 60 requests per minute per API key
- Exceeding the limit returns
429 Too Many Requests - The rate limit window is 60 seconds
Errors
401 | Invalid or missing API key |
402 | Company subscription inactive. API access requires an active subscription. |
403 | Key lacks required scope |
429 | Rate limit exceeded |
Key management
- Rename keys to keep track of what they are used for
- Revoke keys immediately when no longer needed
- Keys can have optional expiration dates