Open App

Authentication

The YSUITE External API uses an Access Key + Secret Key pair for authentication. Both values must be sent as request headers on every call.

Generating API credentials

  1. Sign in to your YSUITE workspace.
  2. Go to Settings → API Keys.
  3. Click Create API Key.
  4. Give it a descriptive name (e.g. "CRM Integration" or "ERP Sync").
  5. Copy both the Access Key and Secret Key immediately — the secret is only shown once.

Using your credentials

Add both headers to every request:

GET https://api.ysuite.org/v1/contacts
x-ysuite-access-key: YOUR_ACCESS_KEY
x-ysuite-secret-key: YOUR_SECRET_KEY

Example with cURL:

curl -X GET https://api.ysuite.org/v1/contacts \
  -H "x-ysuite-access-key: YOUR_ACCESS_KEY" \
  -H "x-ysuite-secret-key: YOUR_SECRET_KEY"

Example with JavaScript (fetch):

const res = await fetch('https://api.ysuite.org/v1/contacts', {
  headers: {
    'x-ysuite-access-key': process.env.YSUITE_ACCESS_KEY,
    'x-ysuite-secret-key': process.env.YSUITE_SECRET_KEY,
  }
});
const { success, data } = await res.json();

Revoking credentials

Go to Settings → API Keys and click Revoke next to any key pair. Revoked credentials stop working immediately.

Security best practices

  • Never commit credentials to source code or version control.
  • Store both keys in environment variables at runtime.
  • Create separate key pairs per integration — simplifies auditing and revocation.
  • Revoke unused keys immediately.

Error: 401 Unauthorized

If you receive a { "success": false } with HTTP 401, check that:

  • Both x-ysuite-access-key and x-ysuite-secret-key headers are present.
  • The keys have not been revoked.
  • The keys belong to the correct YSUITE workspace.
← PreviousIntroductionNext →Errors