Skip to main content
The Klipy API is the HTTP interface for Klipy—the CRM for founders and small teams. Use it to read and write people, companies, and interactions from your own systems, the same records you manage in the app. This page is the high-level getting started guide. For every path, parameter, and response shape, use the interactive API reference and OpenAPI-backed endpoint pages.
Searching for “Klipy API” may surface unrelated products. This documentation applies only to Klipy (klipy.ai, app.klipy.ai, api.klipy.ai).

Beta status

The Klipy API is in open beta. Until general availability:
  • There is no SLA for uptime or latency during the beta.
  • Specifications and behavior can change; treat the published OpenAPI spec and this site as the source of truth, not older third-party copies.
  • Test in a non-production workspace before relying on the API in production workflows.
  • Some operations may be irreversible at the data level (for example deletes); confirm behavior in the reference before you automate destructive paths.

Authentication

Every request must include a valid API key. Workspace admins create keys in the app.
1

Create a key

Follow Issuing API keys—open Settings → API, create a key with the minimum scopes your integration needs, and copy it once.
2

Send the key on every request

Use one of:
X-Klipy-Api-Key: klipy_api_<your_key_id>

Authorization: Bearer klipy_api_<your_key_id>
Keys use the klipy_api_ prefix. Store them in a secret manager or environment variables—never commit keys to source control or expose them in client-side code.

Base URL

Production: 
https://api.klipy.ai/api/v1
Use HTTPS only.

Verify your API key

Send a GET request to the authenticate endpoint: 
curl --request GET \
  --url https://api.klipy.ai/api/v1/authenticate \
  --header 'X-Klipy-Api-Key: klipy_api_<your_key_id>'
A successful response confirms the key and returns organization context (see Authenticate).

Endpoint reference

The API reference lists all operations with request and response schemas. Common entry points:
  • Validate accessAuthenticate
  • People — query, create, update, and delete person records
  • Companies — manage company records
  • Interactions — read and create interaction activity

Rate limits

Limits apply per API key and per organization:
LimitValue
Per API key200 requests per minute
Per organization1000 requests per minute
Successful responses include X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. When you exceed a limit, the API returns 429 Too Many Requests with a Retry-After header. Design clients to back off (for example exponential backoff) and to treat 429 as a normal transient condition.

Scopes

Each key is issued with scopes. Every endpoint requires an appropriate scope; details appear on each operation in the API reference. If the key is missing, invalid, or not scoped for the operation, you receive 401 or 403 with a structured error body. See Issuing API keys for the scope list and API reference introduction for how scopes map to endpoints.

Practices for stable integrations

  • Store keys in secrets — Use a vault or your platform’s secret store; rotate on a schedule or when someone leaves the team.
  • Separate keys by environment — Use different keys for development, staging, and production so a test script cannot touch production data.
  • Handle errors explicitly — Parse 4xx and 5xx responses; do not assume every call returns 2xx.
  • Respect rate limits — Back off on 429; avoid tight loops that retry without delay.
  • Monitor usage — Track response codes and latency so you catch auth or quota issues early.
Last modified on April 6, 2026