The Jeanus public API.
REST. JSON. Per-tenant API keys. Rate-limited at 60 requests / minute. Audit-logged. Free on every Jeanus plan, including Groundwork. Use it for Zapier, your own scripts, or wiring your data warehouse.
Quick start
Get an API key in Settings → API keys. Pass it in the Authorization header on every request.
bashcurl https://jeanus.app/api/v1/customers \ -H "Authorization: Bearer jns_live_..."
Security model
Six layers of protection on every request:
- Per-tenant keys. Each workspace mints its own keys. Keys from tenant A can never see tenant B's data.
- Hashed at rest. We store the SHA-256 hash, never the plaintext. If our database were ever exposed, your keys still aren't.
- Scoped. Read keys can list. Write keys can additionally create. Always start read-only.
- Rate-limited. 60 requests per minute per key. Headers tell you where you stand:
X-RateLimit-Remaining,X-RateLimit-Reset. - Audit-logged. Every request, success or fail, lands in your audit log. View it in Settings.
- Revocable. One click to revoke a leaked key. Soft delete - audit log stays intact.
If a key is ever exposed (committed to git, pasted in Slack), revoke it immediately and mint a new one.
Endpoints
v1 ships the four most-used reads and the most-used write. More land in the next ship - if there's one you'd use today, let us know.
/api/v1/customersread scope- ?limit=50 (default 50, max 200)
- ?offset=0
- ?q=acme (prefix match on name or email)
/api/v1/productsread scope- ?limit=
- ?offset=
- ?q=
/api/v1/leadsread scope- ?stage=qualified|new|contacted|meeting_booked|proposal|won|lost
- ?q=
/api/v1/ordersread scope- ?status=open|delivered|cancelled
- ?customer_id=UUID
- ?since=YYYY-MM-DD
/api/v1/leadswrite scope- Body: { name (required), company, email, phone, stage, estimated_value, probability, source, notes }
Example: create a lead from Zapier
The most common use case is forwarding form fills, calendar bookings, or chat conversations from another tool into Jeanus as a lead.
bashcurl -X POST https://jeanus.app/api/v1/leads \ -H "Authorization: Bearer jns_live_..." \ -H "Content-Type: application/json" \ -d '{ "name": "Sarah Patel", "company": "Patel Holdings", "email": "sarah@patelholdings.com", "stage": "new", "source": "calendly", "estimated_value": 12000 }'
Example: pull this week's new customers
javascriptconst r = await fetch( 'https://jeanus.app/api/v1/customers?limit=200', { headers: { Authorization: `Bearer ${process.env.JEANUS_API_KEY}` } } ) const { data, pagination } = await r.json() console.log(`Got ${data.length} of ${pagination.total} customers`)
Errors
Every error response has the same shape:
json{ "error": { "code": "missing_scope", "message": "This key does not have \"write\" scope" }, "request_id": "8f2a..." }
Common codes: missing_auth, invalid_format, invalid_key, revoked, missing_scope, rate_limited, invalid_param, missing_field, db_error, internal_error.
What's coming next
Next ship adds more reads (deals, contacts, activities, quotes), more writes (create customers, log activities), and webhooks so you can react to lead-stage changes from Zapier or your own backend. A public Zapier app follows after that.