API reference

Base URL

All API routes are served under:

https://peopleloop.io/api

Authentication

Most endpoints expect a secure session-based authentication. In practice you obtain a session after login (browser cookie or client session) and issue requests from your backend or a trusted environment using the same security model as the dashboard.

Public widget and configuration endpoints are designed for embed and public-site use cases — they do not expose private org data.

Do not embed service-role or secret keys in client-side code. Route privileged operations through your server.

Rate limits and errors

Production traffic is rate limited to protect the platform. If you receive HTTP 429, back off with exponential retry and reduce burst volume. Error bodies may include a request id — include it when contacting support@peopleloop.io.

Changelog

Breaking changes will be communicated ahead of time when possible. For integration planning, pin your client to a tested API version period and monitor deploy notes from your account team.