API Authentication
The Skode API uses API keys for server-to-server communication and OAuth 2.0 for user-authenticated integrations. All API requests must be made over HTTPS. The base URL for all endpoints is https://api.skodeai.com/v1.
API Key Authentication
Generate an API key under Settings > API & Webhooks > API Keys. Click Generate Key, provide a label, and copy the key immediately — it will not be shown again. Include the key in the Authorization header:
curl -X GET https://api.skodeai.com/v1/leads \
-H "Authorization: Bearer sk_live_your_api_key_here" \
-H "Content-Type: application/json"OAuth 2.0
For integrations that act on behalf of a user, use OAuth 2.0 Authorization Code flow. Register your application under Settings > API & Webhooks > OAuth Apps to obtain a client_id and client_secret. The authorization endpoint is https://app.skodeai.com/oauth/authorize and the token endpoint is https://api.skodeai.com/v1/oauth/token.
// Exchange authorization code for access token
const response = await fetch('https://api.skodeai.com/v1/oauth/token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
grant_type: 'authorization_code',
code: 'AUTH_CODE_HERE',
client_id: 'your_client_id',
client_secret: 'your_client_secret',
redirect_uri: 'https://your-app.com/callback'
})
});Rate Limits
API requests are rate limited per API key:
- Free plan — 100 requests per minute
- Pro plan — 1,000 requests per minute
- Enterprise plan — 10,000 requests per minute
Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. When the limit is exceeded, the API returns a 429 Too Many Requests response with a Retry-After header.
Error Handling
The API returns standard HTTP status codes. Error responses include a JSON body with error (machine-readable code) and message (human-readable description). Common errors: 401 Unauthorized, 403 Forbidden, 404 Not Found, 422 Unprocessable Entity, and 429 Too Many Requests.