Skip to main content
All CollectionsIntegrationsAPI 1.0
Authentication
Authentication

How to get access to Woodpecker API

Weronika Wróblewska avatar
Written by Weronika Wróblewska
Updated over a month ago

IN THIS ARTICLE:

  1. Authentication overview

  2. How to access Woodpecker API

  3. Master API Key Authentication

Authentication overview

Authentication is made with API key. You can generate it in your Woodpecker panel. Not sure how? Check this guide.

API Key is a part of an API Key and Integrations add-on, click here to learn how to get it on Marketplace »

Your API key identifies your account so keep it secret!

Remember, API key is a required parameter. We'll return an error if it's missing or invalid.

Another noteworthy thing is that if you use Agency panel, each company you've added can have their own API keys. To access any data from a specific company added to your Agency, you need to generate API key for this company.

How to access Woodpecker API

All API requests starts with https://api.woodpecker.co/rest/v1.

To make request you can place your API key in headers, as following:

     headers : { 
          "Authorization" : "Basic <API KEY>" 
      }

If you prefer to use cURL, you can use the following syntax:

curl --location --request GET 'https://api.woodpecker.co/rest/v1/endpoint_of_your_choice' \ 
--header 'Authorization: Basic <API_KEY>'

Remember to encode your API key to Base64 format before using it in cURL request.

If you're using an API platform such as Postman to access the API, you need to choose Authentication Basic option and provide your API key (not encoded) as a username or password.

Master API Key Authentication

By using the API Key generated on the main account of the Agency, you can specify in the header the ID of the company in the context of which you want the request to be interpreted. This way, using one key from the main account, you can make requests as different companies (instead of making the API Key change to one coming from a company).

To determine whether a request should be treated under the Agency company besides the authorization header, use the following header:

x-company-id: <YOUR_CLIENT_COMPANY_ID>

If you prefer to use cURL, you can use the following syntax (with header):

curl --location --request GET 'https://api.woodpecker.co/rest/v1/webhooks'\ 
--header 'x-api-key: <YOUR_AGENCY_HQ_API_KEY>' \ 
--header 'x-company-id: <YOUR_CLIENT_COMPANY_ID>'

Sample response:

{
    "webhooks": [
        {
            "target_url": "https://yourdomain.com/webhooks/target_url/<YOUR_CLIENT_COMPANY_ID>",
            "event": "PROSPECT_REPLIED"
        }
    ]
}

Error list

HTTP

type

description

400

BAD_REQUEST

X-Company-Id given but not numeric

403

FORBIDDEN

X-Company-Id given but it's not the key from the main Agency account

404

NOT_FOUND

X-Company-Id given but company does not exist within the particular agency from which the key originates

409

CONFLICT

X-Company-Id given but company is inactive

403

FORBIDDEN

X-Company-Id given but key generated by a user who does not have access to the company in question

Did this answer your question?