Back to docs

API reference

Authentication

API keys and Bearer tokens for the REST API. Team and Agency plans only.

Authenticate programmatic requests to the Styrar REST API with API keys or OAuth access tokens. Both use the same /v1/ routes and scope strings.

Plan requirement: API access is included on Team and Agency plans only. Free and Solo workspaces cannot create API keys or use the REST API for automation. Upgrade under Settings → Billing or see pricing.

Base URL

https://api.styrar.com/v1

All routes below are relative to this base. Use HTTPS in production.

API keys are best when you own the integration (scripts, your backend, Zapier-style connectors). There is no end-user OAuth consent screen.

Create a key

  1. Sign in to a workspace on Team or Agency.
  2. Open Settings → API keys (/settings/api-keys).
  3. Choose scopes your integration needs (see Scopes below).
  4. Copy the full key when shown. Styrar stores only a hash and cannot show it again.

Key format:

sty_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • sty_live_ — production
  • sty_test_ — development and staging

Legacy ssp_* keys remain valid until revoked.

Send the key

HTTP
GET /v1/posts?companyId=YOUR_COMPANY_ID&limit=20 HTTP/1.1
Host: api.styrar.com
Authorization: Bearer sty_live_your_api_key
Accept: application/json

If your workspace is not on Team or Agency, key creation returns:

JSON
{
  "error": "API access is not included in your plan. Upgrade to create API keys."
}

Rate limits

API key requests: 1000 requests per hour per key. On breach you receive 429 Too Many Requests with a retry message.

OAuth access tokens (partner apps)

Third-party apps that act on behalf of a Styrar user use OAuth 2.0 with user consent on the dashboard. See OAuth integration.

The authorizing user's workspace must be on Team or Agency for the integration to be useful: without API access on the plan, they cannot create API keys, and partner flows expect programmatic access on eligible workspaces.

Send the opaque access token the same way:

HTTP
Authorization: Bearer YOUR_ACCESS_TOKEN

Workspace scope

Resources are company-scoped or personal (user-owned).

Company workspace

Pass companyId as a query parameter or in the JSON body where the route supports it:

HTTP
GET /v1/links?companyId=clxyz_company

API keys are bound to the company selected at creation. OAuth tokens must match the company authorized at consent time.

Personal workspace

Omit companyId for personal resources. API keys can be created for personal scope when the signed-in user is on Team or Agency.

Scopes

Scopes are capability strings enforced per route. Your API key or OAuth token must include the scope required by each endpoint.

Core scopes (typical integrations)

ScopeAccess
posts:readList and read posts, calendar, live preview
posts:writeCreate, update, schedule, duplicate posts
posts:deleteDelete posts, remove from networks
links:readRead links, bio pages, folders, tags, routing, A/B tests
links:writeCreate and update links, bio pages, bulk operations
campaigns:readRead campaigns
campaigns:writeCreate and update campaigns
analytics:readSocial, link, and bio analytics
media:writeUpload and list media library (required for attachments in posts)
social:readList connected social accounts (for POST TO targets)
webhooks:readList webhook endpoints and deliveries
webhooks:writeCreate and manage webhook endpoints

Advanced scopes (on request)

ScopeAccess
automations:read / automations:writeAutomation flows (Team+; plan also requires automationBuilder)
approval_flows:* / approval_tasks:*Approval workflows
activity:readActivity feed and workspace audit (human-readable)
social:writeConnect or disconnect social accounts (sensitive; partner review)

Contact support if you need scopes beyond the defaults for your integration.

Errors

Most errors return JSON:

JSON
{ "error": "Human-readable message" }
HTTPMeaning
400Invalid request or validation failed
401Missing or invalid Bearer token
403Forbidden (missing scope, wrong workspace, or plan limit)
404Resource not found
429Rate limited
500Server error

Plan quota errors (posts per month, storage, etc.) also return 403. Surface the message to the user and link them to billing rather than retrying blindly.

Join the beta waitlist

By signing up you agree to receive marketing email. See our Privacy Policy.