Developer Docs

SaaS Starter External API

Getting started with the External API

Public integration documentation for customers who want to connect the platform to other services. Authenticate with OAuth client credentials, call organization-scoped endpoints, and import the OpenAPI definition into your API tooling.

Base URL: https://production.demo.api.meccaproduction.com

Auth: OAuth 2.0 Client Credentials

API Version: External API v1

Endpoints: 1 public route(s)

Authentication

Use OAuth client credentials to issue a short-lived bearer token for an organization.

  1. Create an OAuth client from the customer portal API screen (`/portal/api`) with approved scopes such as read:portal.
  2. Call POST /api/oauth/token with a JSON body containing grant_type, client_id, and client_secret.
  3. Send the returned access token in the Authorization header as Bearer <token>.

Token request body

grant_type: Required. Must be client_credentials.

client_id: Required. Issued when an OAuth client is created for the organization.

client_secret: Required. One-time visible secret returned when the client is created.

scope: Optional. Space-delimited scope string. Defaults to the client's allowed scopes when omitted.

Token response behavior

Successful responses return token_type, expires_in, access_token, and scope.

Tokens expire after 1 hour (3600 seconds).

Invalid credentials return 401 with { error: "invalid_client" }.
Unauthorized scopes return 400 with { error: "invalid_scope" }.

Make your first request

Call an organization-scoped endpoint with the bearer token returned by the OAuth token endpoint.

GET /api/external/v1/organization
Scope: read:portal

Returns the organization profile attached to the OAuth client token, including name, slug, tier, and seat count. This endpoint does not require request parameters.

Required headers

Authorization

Bearer access token from the OAuth token endpoint.

Common responses

200 Organization payload returned.

401 Missing or invalid bearer token.

403 Token is missing the required scope.

404 Organization not found.
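
The token request and first call described above, as an added example that is not part of the platform's own documentation. The class name `ExternalApiClient`, the 60-second refresh margin, the single retry on 401, and the injectable `transport` and `clock` parameters are assumptions made for illustration; the base URL, paths, field names, and error codes are the ones given on this page.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://production.demo.api.meccaproduction.com"  # base URL from this page

class TokenError(Exception):
    """Token endpoint rejected the request (invalid_client, invalid_scope, ...)."""

def http_json(method, url, body=None, headers=None):
    """Minimal JSON-over-HTTPS call; returns (status, parsed_body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json", **(headers or {})})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

class ExternalApiClient:
    def __init__(self, client_id, client_secret, scope=None, transport=http_json, clock=time.time):
        self._id, self._secret, self._scope = client_id, client_secret, scope
        self._transport, self._clock = transport, clock
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return the cached token; reissue 60 s before expiry (margin is an assumption)."""
        if self._token and self._clock() < self._expires_at - 60:
            return self._token
        body = {"grant_type": "client_credentials", "client_id": self._id, "client_secret": self._secret}
        if self._scope:
            body["scope"] = self._scope  # request only the scopes this integration needs
        status, payload = self._transport("POST", BASE_URL + "/api/oauth/token", body)
        if status != 200:
            raise TokenError(f"{status} {payload.get('error', 'unknown_error')}")  # never include the secret
        self._token = payload["access_token"]
        self._expires_at = self._clock() + int(payload["expires_in"])
        return self._token

    def organization(self):
        """GET the organization profile, retrying once with a fresh token on 401."""
        url = BASE_URL + "/api/external/v1/organization"
        for attempt in range(2):
            status, payload = self._transport("GET", url, None, {"Authorization": "Bearer " + self.token()})
            if status != 401 or attempt == 1:
                return status, payload
            self._token = None  # token rejected early: drop the cache and reissue
```

Load `client_id` and `client_secret` from a secret store or environment variables rather than source code, since the secret is shown only once when the client is created.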

API Reference

Current public endpoints exposed to customer integrations.

GET /api/external/v1/organization
Scope: read:portal

Get organization profile

Returns the organization identity and plan details for the OAuth client’s organization (id, name, slug, active tier, and seat count).

OpenAPI Spec

Import the API definition into Postman, Insomnia, or code generation tooling.

OpenAPI: 3.1.0

Spec Version: 1.0.0

Path Count: 2

Security Scheme: OAuth2 Client Credentials