Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.heffl.com/llms.txt

Use this file to discover all available pages before exploring further.

Authentication

API v2 uses the same API key authentication as v1. Every request must include a valid key in the x-api-key header.

API keys

Create and manage keys in Settings → Developer in the Heffl app, or at app.heffl.com/settings/developers. Each key is scoped to a team and acts on behalf of the user who created it.

Request header

curl https://api.heffl.com/api/v2/contacts \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json"

Unauthorized requests

Missing or invalid keys return 401: 
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "API key required. Include 'x-api-key' header."
  }
}

Rate limiting

API v2 shares the same rate limit as v1: 60 requests per minute per API key. Exceeding the limit returns 429 with RateLimit-* headers.

Permissions

The API key inherits the creating user’s permissions. If the user cannot create, update, or delete contacts in the app, the API will return 403 Forbidden.