Public API

REST. Idempotent. Operator-shaped.

Leads, deals, jobs, tasks, invoices, approvals, webhooks. Full SQL + REST spec under /docs/sourcedeck/SELF_SETUP_SQL_AND_API_SPEC.md.

Base URL

https://api.sourcedeck.app/v1/ · TLS only · JSON only · UTF-8.

Auth

Bearer token. Issue per-workspace under /settings/ → API keys. Scope-limited (read · write · admin).

Rate limits

600 req/min workspace · 60 req/min per token. 429 with Retry-After header.

Idempotency

All POST accepts Idempotency-Key header. 24h replay window. Dedupes at create-time.

Core endpoints

POST/v1/leadscreate lead · runs ICP scoring
GET/v1/leads?score_gte=80list leads · filter by ICP fit
POST/v1/dealscreate deal from lead
POST/v1/jobscreate delivery job · triggers playbook
PATCH/v1/tasks/:idupdate task · fires state event
POST/v1/invoicesdraft invoice · syncs to Stripe
GET/v1/approvals?status=pendinglist pending approvals
POST/v1/approvals/:id/decideapprove or reject
POST/v1/webhooksregister outbound subscription
GET/v1/events?type=lead_qualifiedtail event stream

Webhooks · outbound

HMAC-signed with X-SourceDeck-Signature. At-least-once delivery · 24h exponential retry. Event taxonomy: lead.* · deal.* · job.* · invoice.* · approval.*.

SDKs

Node + Python coming Phase 2. In the meantime: standard fetch or requests works fine. Full OpenAPI schema under /docs/sourcedeck/.

Sandbox

Test-mode workspace with fixture data. Provision with X-Sandbox: true header on any key issued from a trial workspace.

Support

Operator-tier customers get a shared Slack channel + 4h response. Other tiers: api@arivergrop.com.

Full spec

Authoritative contract (Postgres DDL + REST definitions + error taxonomy + RBAC): /docs/sourcedeck/ →