只需几分钟即可启动并运行 ECOSIRE API
通过 Authentik 或 API 密钥使用 OAuth2 来获取用于 API 访问的 JWT 不记名令牌。
使用授权标头中的不记名令牌来调用任何 API 端点。
安装我们的 TypeScript SDK,以进行类型安全的 API 调用,并具有内置的错误处理功能。
探索涵盖企业运营各个方面的 57 个模块
两种身份验证方法可满足您的集成需求
浏览器应用程序基于 cookie 的安全身份验证。令牌永远不会暴露给 JavaScript。
使用 JWT 不记名令牌进行服务器到服务器集成和 API 客户端。
Try any endpoint directly from your browser. Select an endpoint, fill in parameters, and send live requests to the ECOSIRE API.
/auth/loginLogin with email and password
curl -X POST \ \
"https://api.ecosire.com/api/auth/login" \ \
-H "Content-Type: application/json" \
-d '{ "email": "[email protected]", "password": "secret" }'Install the ECOSIRE SDK in your language of choice and explore 6 common operations with full code snippets.
Choose your language and install the ECOSIRE SDK
npm install @ecosire/sdk6 common operations with full SDK snippets
1. Authentication
Obtain a JWT token and include it in subsequent requests.
import { EcosireClient } from '@ecosire/sdk';
const client = new EcosireClient({
baseUrl: 'https://api.ecosire.com/api',
apiKey: process.env.ECOSIRE_API_KEY,
});
// Login with credentials
const session = await client.auth.login({
email: '[email protected]',
password: 'secret',
});
console.log(session.token); // JWT token
console.log(session.user); // { id, email, name, role }
// All subsequent calls auto-attach the token
const contacts = await client.contacts.list();ECOSIRE sends real-time webhook events to your server when key actions occur — payments, subscriptions, license activations, and more.
Explore all 8 webhook events, generate cURL commands, and verify HMAC signatures.
Fired when a customer completes payment in a Stripe Checkout Session.
Trigger: Customer pays for a product in the storefront. Auto-grants licenses and creates order.
Example JSON payload delivered to your webhook endpoint for checkout.session.completed.
{
"id": "evt_1ABCxyz",
"object": "event",
"type": "checkout.session.completed",
"created": 1711000000,
"data": {
"object": {
"id": "cs_live_abc123",
"object": "checkout.session",
"customer_email": "[email protected]",
"amount_total": 24900,
"currency": "usd",
"mode": "payment",
"payment_status": "paid",
"metadata": {
"userId": "usr_01HXYZ",
"productIds": "[\"prd_01HODOOCRM\"]"
}
}
}
}| Event | |
|---|---|
checkout.session.completed | |
invoice.paid | |
customer.subscription.deleted | |
customer.subscription.updated | |
charge.refunded | |
payment_intent.payment_failed | |
license.validated | |
license.activated |
Verify webhook signatures in production
Always verify the stripe-signature header for Stripe events using your STRIPE_WEBHOOK_SECRET. For license events, verify the X-License-Signature header using ECOSIRE_LICENSE_SECRET. Unverified events should be rejected with 401.
All API errors follow RFC 7807 (Problem Details for HTTP APIs). Every error includes a machine-readable code and human-readable message.
| Status | Meaning |
|---|---|
| 200 | OK |
| 201 | Created |
| 204 | No Content |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 409 | Conflict |
| 422 | Unprocessable |
| 429 | Too Many Requests |
| 500 | Server Error |
{
"statusCode": 422,
"error": "Unprocessable Entity",
"message": "Validation failed",
"details": [
{ "field": "email", "message": "Invalid email address" },
{ "field": "password", "message": "Must be at least 8 characters" }
]
}公平的使用限制,确保所有用户的 API 稳定性
| 端点 | 速率限制 |
|---|---|
| POST /support | 5/min |
| POST /crm/capture | 10/min |
| POST /ecosire-ai/ask | 20/min |
| POST /licenses/validate | 30/min |
| POST /licenses/activate | 10/min |
| POST /newsletter/subscribe | 5/min |
| Authenticated endpoints | 100/min |
X-RateLimit-LimitMaximum requests allowed in the windowX-RateLimit-RemainingRequests remaining in the current windowX-RateLimit-ResetUnix timestamp when the window resetsRetry-AfterSeconds to wait before retrying (on 429)构建集成所需的一切
使用我们的 Swagger UI 界面探索和测试每个端点。尝试直接从浏览器调用 API。
下载 JSON 格式的完整 OpenAPI 3.0 规范。导入到 Postman、Insomnia 或您自己的工具中。
具有自动完成、错误处理和内置重试逻辑的类型安全 API 客户端。
Create and manage API keys from your dashboard. Each key can be scoped to specific permissions and rotated independently.
Generate new API keys from Dashboard → Settings → API Keys. Each key has a name, optional expiry date, and role scope.
Keys can be scoped to read-only, read-write, or admin. Admin keys can manage other keys and access all endpoints.
Rotate keys at any time without downtime. The old key remains valid for 24 hours after rotation for a smooth transition.
View per-key request counts, error rates, and last-used timestamps from the API Keys dashboard page.
Maintain separate keys for development, staging, and production. Production keys log all requests for audit purposes.
Webhook endpoints also use a separate ECOSIRE_LICENSE_SECRET for HMAC-SHA256 signature verification on license events.
# Pass the key as a Bearer token in the Authorization header curl https://api.ecosire.com/api/contacts \ -H "Authorization: Bearer ecos_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Or use HttpOnly cookies (browser-based auth — set automatically on login) # Cookie: ecosire_auth=<jwt_token>
有关 ECOSIRE API 的常见问题
注册 ECOSIRE 帐户并导航至仪表板 > API 密钥以生成您的 API 凭证。所有计划均提供 API 访问权限。
是的,所有 ECOSIRE 帐户都包含 API 访问权限。费率限制因计划而异。免费套餐每天支持最多 1,000 个 API 调用。
我们通过 Authentik(推荐用于 Web 应用程序)、JWT 不记名令牌(用于服务器到服务器)和 API 密钥(用于简单集成)支持 OAuth2。
是的,ECOSIRE 支持用于实时事件通知的 Webhooks。在仪表板 > 设置 > Webhooks 中配置 Webhook 端点。
我们维持所有 API 端点 99.9% 的正常运行时间。状态页面和事件历史记录可在 status.ecosire.com 上找到。
获取您的 API 密钥并在几分钟内开始构建集成。