Authentication
API keys and Bearer tokens for the REST API. Team and Agency plans only.
Authenticate programmatic requests to the Styrar REST API with API keys or OAuth access tokens. Both use the same /v1/ routes and scope strings.
Plan requirement: API access is included on Team and Agency plans only. Free and Solo workspaces cannot create API keys or use the REST API for automation. Upgrade under Settings → Billing or see pricing.
Base URL
https://api.styrar.com/v1
All routes below are relative to this base. Use HTTPS in production.
API keys (recommended for your own automation)
API keys are best when you own the integration (scripts, your backend, Zapier-style connectors). There is no end-user OAuth consent screen.
Create a key
- Sign in to a workspace on Team or Agency.
- Open Settings → API keys (
/settings/api-keys). - Choose scopes your integration needs (see Scopes below).
- Copy the full key when shown. Styrar stores only a hash and cannot show it again.
Key format:
sty_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sty_live_— productionsty_test_— development and staging
Legacy ssp_* keys remain valid until revoked.
Send the key
GET /v1/posts?companyId=YOUR_COMPANY_ID&limit=20 HTTP/1.1
Host: api.styrar.com
Authorization: Bearer sty_live_your_api_key
Accept: application/json
If your workspace is not on Team or Agency, key creation returns:
{
"error": "API access is not included in your plan. Upgrade to create API keys."
}
Rate limits
API key requests: 1000 requests per hour per key. On breach you receive 429 Too Many Requests with a retry message.
OAuth access tokens (partner apps)
Third-party apps that act on behalf of a Styrar user use OAuth 2.0 with user consent on the dashboard. See OAuth integration.
The authorizing user's workspace must be on Team or Agency for the integration to be useful: without API access on the plan, they cannot create API keys, and partner flows expect programmatic access on eligible workspaces.
Send the opaque access token the same way:
Authorization: Bearer YOUR_ACCESS_TOKEN
Workspace scope
Resources are company-scoped or personal (user-owned).
Company workspace
Pass companyId as a query parameter or in the JSON body where the route supports it:
GET /v1/links?companyId=clxyz_company
API keys are bound to the company selected at creation. OAuth tokens must match the company authorized at consent time.
Personal workspace
Omit companyId for personal resources. API keys can be created for personal scope when the signed-in user is on Team or Agency.
Scopes
Scopes are capability strings enforced per route. Your API key or OAuth token must include the scope required by each endpoint.
Core scopes (typical integrations)
| Scope | Access |
|---|---|
posts:read | List and read posts, calendar, live preview |
posts:write | Create, update, schedule, duplicate posts |
posts:delete | Delete posts, remove from networks |
links:read | Read links, bio pages, folders, tags, routing, A/B tests |
links:write | Create and update links, bio pages, bulk operations |
campaigns:read | Read campaigns |
campaigns:write | Create and update campaigns |
analytics:read | Social, link, and bio analytics |
media:write | Upload and list media library (required for attachments in posts) |
social:read | List connected social accounts (for POST TO targets) |
webhooks:read | List webhook endpoints and deliveries |
webhooks:write | Create and manage webhook endpoints |
Advanced scopes (on request)
| Scope | Access |
|---|---|
automations:read / automations:write | Automation flows (Team+; plan also requires automationBuilder) |
approval_flows:* / approval_tasks:* | Approval workflows |
activity:read | Activity feed and workspace audit (human-readable) |
social:write | Connect or disconnect social accounts (sensitive; partner review) |
Contact support if you need scopes beyond the defaults for your integration.
Errors
Most errors return JSON:
{ "error": "Human-readable message" }
| HTTP | Meaning |
|---|---|
| 400 | Invalid request or validation failed |
| 401 | Missing or invalid Bearer token |
| 403 | Forbidden (missing scope, wrong workspace, or plan limit) |
| 404 | Resource not found |
| 429 | Rate limited |
| 500 | Server error |
Plan quota errors (posts per month, storage, etc.) also return 403. Surface the message to the user and link them to billing rather than retrying blindly.
Related
- Introduction — base URL, response codes, and rate limits
- Endpoints — route catalog
- OAuth integration — partner authorization code flow
- Webhooks — signed outbound events
- API keys and connected apps — help center overview