Authentication Overview
An introduction to how authentication works in the ClosingDealz API, including API key usage, workspace scoping, and request authorization.
Table of Contents
The ClosingDealz API uses API keyβbased authentication to securely identify and authorize requests.
Every API request must include a valid API key. This key determines who you are, which workspace you are accessing, and what actions you are allowed to perform.
How Authentication Works
Authentication is handled via a single HTTP header: Each API key is tied to a specific workspace. All requests made with that key are automatically scoped to that workspace. No session handling or OAuth flow is required, making integrations simple and reliable.
Workspace-Based Access
API keys are workspace-scoped, not user-scoped.
This means:
- All leads created via the API are created inside the workspace linked to the API key
- You cannot access or modify data outside that workspace
- Switching workspaces requires using a different API key
This ensures clear separation between organizations, clients, or projects.
Security Best Practices
To keep your integration secure:
- Store API keys server-side only
- Never expose API keys in client-side code
- Rotate keys if they are ever compromised
- Use different API keys for different environments (production, staging, etc.)
Authentication Errors
If authentication fails, the API will respond with standard HTTP error codes:
- 401 Unauthorized β Missing or invalid API key
- 403 Forbidden β API key does not have access to the requested resource
Ensure the X-API-Key header is included in every request before calling the API.