API — introduction
REST and GraphQL, tokens, webhooks, limits, best practices.
Avenit exposes a public API for every module — REST, GraphQL, webhooks. This page covers the basics.
Base URL
Every tenant has its own endpoint:
https://{slug}.app.avenit.pl/api/v1Example: https://techflow.app.avenit.pl/api/v1/contractors.
Authentication
Two supported methods:
Personal Access Token (PAT) — a token for a specific user, generated under Settings → API Tokens. Added in a header:
Authorization: Bearer avenit_pat_xyz123...OAuth 2.0 — for external applications. Details in OAuth flow.
First request
curl -H "Authorization: Bearer $AVENIT_TOKEN" \
https://techflow.app.avenit.pl/api/v1/contractors?limit=10Response:
{
"data": [
{
"id": "018f2b1a-...",
"type": "company",
"name": "ACME Inc.",
"taxId": "1234567890",
"email": "contact@acme.com"
}
],
"meta": { "total": 284, "page": 1, "limit": 10 }
}GraphQL
Available at /api/v1/graphql. Same data model as REST but with exact field selection and nested relations.
query {
contractors(limit: 10) {
id
name
opportunities { id, value, stage }
}
}Webhooks
Every system event (create / update / delete) can fire a webhook to your endpoint. Configure under Settings → Webhooks.
- Retries: 3× with exponential backoff (1s, 10s, 60s).
- Signature:
X-Avenit-Signature: sha256=...header for verification. - At-least-once delivery — remember to be idempotent on the receiver side.
Limits
- REST/GraphQL: 600 requests/minute per tenant (burst 1200).
- Outbound webhooks: 100/s.
- Payload: 10 MB max.
Enterprise plans can negotiate higher limits.