Use the Slokoto REST API to manage leads programmatically. Create, list, update, and archive leads from your own applications, scripts, or integrations.
What the API does
The Slokoto REST API gives you programmatic access to your workspace data. You can:
- Create leads from external systems (forms, CRMs, custom apps)
- List leads with filters and cursor-based pagination
- Update lead fields like name, company, deal value, tags, and status
- Archive leads via soft-delete
- AI-powered smart update — send freeform text and let AI extract field updates automatically
All API requests are workspace-scoped. Your API credentials can only access leads within your workspace.
Prerequisites
- Admin access is required to generate API credentials
- An active Slokoto workspace
Generate API credentials
- Open your Slokoto dashboard
- Click Integrations in the sidebar
- Scroll to the Custom category
- Click Manage on the REST API card
- Click Generate New API Credentials
- Give your client a name (e.g., "Production App" or "CRM Sync")
- Click Generate
You will see your Client ID and Client Secret. The secret is only shown once — copy and store it securely.
| Field | Example | Notes |
|---|---|---|
| Client ID | slk_ci_a1b2c3d4... | Safe to store, used in token requests |
| Client Secret | slk_cs_x9y8z7w6... | Sensitive — store securely, shown only once |
Authentication
Slokoto uses OAuth2 Client Credentials flow. Exchange your client credentials for a short-lived access token, then use that token for API calls.
Step 1: Get an access token
POST https://slokoto.com/api/v1/oauth/token
Content-Type: application/json
{
"grant_type": "client_credentials",
"client_id": "slk_ci_your_client_id",
"client_secret": "slk_cs_your_client_secret"
}
Response:
{
"data": {
"access_token": "slk_at_...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "leads.read leads.write"
}
}
The token expires after 1 hour. Request a new one when it expires.
Step 2: Use the token
Include the token in the Authorization header of every API request:
Authorization: Bearer slk_at_your_access_token
Quick start examples
Create a lead
POST https://slokoto.com/api/v1/leads
Authorization: Bearer slk_at_...
Content-Type: application/json
{
"email": "john@acme.com",
"name": "John Smith",
"company": "Acme Corp",
"deal_value": 5000000,
"tags": ["enterprise", "inbound"]
}
Deal values are in cents. $50,000 = 5000000.
List leads
GET https://slokoto.com/api/v1/leads?status=active&limit=20
Authorization: Bearer slk_at_...
Supports filters: status, assigned_to, tag, updated_after. Uses cursor-based pagination — follow meta.next_cursor for the next page.
Update a lead
PATCH https://slokoto.com/api/v1/leads/550e8400-...
Authorization: Bearer slk_at_...
Content-Type: application/json
{
"deal_value": 7500000,
"deal_stage": "negotiation"
}
Only send the fields you want to change. This endpoint is free — no AI credits used.
Archive a lead
DELETE https://slokoto.com/api/v1/leads/550e8400-...
Authorization: Bearer slk_at_...
This is a soft delete — the lead is set to archived status and can be restored later.
AI-powered smart update
Instead of mapping fields manually, you can send freeform text and let AI extract the updates:
POST https://slokoto.com/api/v1/leads/550e8400-.../ai-update
Authorization: Bearer slk_at_...
Content-Type: application/json
{
"text": "Just spoke with John, he's now VP of Sales at Acme Corp. Budget is around $50k, looking to close by end of Q2."
}
The AI will extract and apply field updates (name, company, deal_value, deal_close_date, etc.) and return what changed along with a confidence score.
This endpoint uses AI credits and is tracked in your workspace AI usage. Use the standard PATCH endpoint for structured updates where you already know the field values.
Rate limits
API requests are rate-limited to 60 requests per minute per API client. Rate limit info is included in response headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window (60) |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
If rate limited, the API returns 429 Too Many Requests.
Error handling
All errors use a consistent format:
{
"error": {
"code": "not_found",
"message": "Lead not found"
}
}
| HTTP Status | Code | Meaning |
|---|---|---|
| 400 | invalid_request | Malformed request body |
| 401 | unauthorized | Invalid or expired token |
| 403 | forbidden | Token lacks required scope |
| 404 | not_found | Lead not found in your workspace |
| 409 | duplicate_lead | Email already exists in workspace |
| 422 | validation_error | Invalid field values |
| 429 | rate_limited | Too many requests |
Revoking credentials
To revoke an API client:
- Go to Integrations → Custom → REST API
- Find the client you want to revoke
- Click the trash icon
- Confirm the revocation
All active tokens for that client are immediately invalidated.
Full API reference
For complete endpoint documentation with all parameters, response shapes, and code examples in multiple languages, visit the [API Documentation](/developers) page.