100/s
Free & Pro
Authentication
Authenticate every request with a bearer token. Generate keys under Settings → Developers → API keys in your dashboard. Keys are scoped per-workspace and respect the same roles & permissions as your team members — a read-only key cannot write.
Authorization header
# Every request carries your secret key
curl https://api.mewayz.com/v2/contacts \
-H "Authorization: Bearer sk_live_8f3a...d92c"
For third-party apps acting on behalf of users, use the OAuth 2.0 authorization-code flow instead. Scopes map one-to-one to modules (crm.read, invoicing.write, …).
Quickstart
Create your first contact in under a minute. The API mirrors the data model you already see in the product — no translation layer.
POST /v2/contacts
curl -X POST https://api.mewayz.com/v2/contacts \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Ada Lovelace",
"email": "[email protected]",
"tags": ["lead", "inbound"],
"owner_id": "usr_2x9k"
}'
Response · 201 Created
{
"id": "con_7Hq2Lp",
"object": "contact",
"name": "Ada Lovelace",
"email": "[email protected]",
"created": 1748217600
}
Errors & status codes
We use conventional HTTP status codes. Bodies always include a machine-readable code and a human-readable message you can surface directly.
| 200 | OK — request succeeded |
| 201 | Created — resource created |
| 400 | Bad request — invalid parameters |
| 401 | Unauthorized — missing or invalid key |
| 429 | Too many requests — you hit a rate limit |
| 500 | Server error — we'll have it on status |
Rate limits
Limits scale with your plan. Every response includes X-RateLimit-Remaining and X-RateLimit-Reset headers so you can back off gracefully.
500/s
Business
2,000/s
Agency
Contacts /v2/contacts
The CRM contact is the most-used resource. Full CRUD, bulk endpoints, and filtering on any custom field.
| GET | /v2/contacts | List & filter contacts |
| POST | /v2/contacts | Create a contact |
| GET | /v2/contacts/:id | Retrieve one |
| PUT | /v2/contacts/:id | Update fields |
| DEL | /v2/contacts/:id | Delete a contact |
Invoices /v2/invoices
Issue, send, and reconcile invoices. Creating an invoice can optionally trigger the same email + PDF pipeline the product uses.
| GET | /v2/invoices | List invoices |
| POST | /v2/invoices | Draft an invoice |
| POST | /v2/invoices/:id/send | Send to customer |
| GET | /v2/invoices/:id/pdf | Render PDF |
Tickets /v2/tickets
Read and write helpdesk tickets, replies, and CSAT. Pairs with the ticket webhooks for real-time sync into your own tools.
| GET | /v2/tickets | List tickets |
| POST | /v2/tickets/:id/replies | Add a reply |
| PUT | /v2/tickets/:id | Change status / assignee |
Webhooks
Subscribe to events and we'll POST a signed payload to your endpoint within seconds. Verify the Mewayz-Signature header against your signing secret to confirm authenticity.
Example event
{
"id": "evt_9Kp2",
"type": "invoice.paid",
"data": { "id": "inv_44a1", "amount": 240000, "currency": "usd" }
}
120+ event types across every module. Manage subscriptions under Settings → Developers → Webhooks.
Official SDKs
Typed clients that wrap auth, retries, and pagination. Install and go.
Node / TypeScript
npm i @mewayz/node — full types, async iterators for pagination.
Python
pip install mewayz — sync & async, dataclass models.
PHP
composer require mewayz/php — Laravel service provider included.
Ruby
gem install mewayz — idiomatic, with webhook verification helper.
Postman & OpenAPI
Prefer to explore by clicking? The full surface is published as an OpenAPI 3.1 spec and a one-click Postman collection. Both stay in lockstep with every release.
OpenAPI 3.1 spec
Machine-readable schema for codegen and contract tests. Download YAML →
Postman collection
Pre-filled environment, every endpoint, example responses. Run in Postman →
Stuck on something? The Help Center has integration guides, or talk to our team — developers answer developer questions.