Projects
Events
Campaigns
Subscriptions
- PATCHBulk toggle the current contact’s subscription states
- GETList subscription types
- POSTCreate a subscription type
- GETGet a subscription type
- PATCHUpdate a subscription type
- POSTBulk toggle subscription states across many contacts
- GETList a contact’s subscription states
- PATCHBulk toggle a contact’s subscription states
Journeys
Templates
Contacts
API keys
Organisation
curl --request POST \
--url https://apix.spotzee.com/api/client/users/{userId}/sessions \
--header 'Authorization: Bearer <token>'{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_at": "2026-04-29T18:30:00.000Z"
}Mint a contact session token
Issues a short-lived signed token that scopes subsequent calls to one contact. The brand’s backend mints the token with a project-scoped key (sk_…), hands it to the frontend, which then calls the preference-centre endpoints with the token in the X-Spotzee-Contact-Token header alongside a publishable key (pk_…). Tokens are not refreshable — issue a new one when expired.
Idempotent — pass an Idempotency-Key header to make safely retryable. On a replay the original response is returned with Idempotent-Replayed: true. See the API conventions guide for the full state machine, TTL, and mismatch behaviour.
curl --request POST \
--url https://apix.spotzee.com/api/client/users/{userId}/sessions \
--header 'Authorization: Bearer <token>'{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_at": "2026-04-29T18:30:00.000Z"
}Documentation Index
Fetch the complete documentation index at: https://docs.spotzee.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Project-scoped secret API key (sk_…). Pass in the Authorization: Bearer <key> header. Grants access to the project the key was issued for.
Path Parameters
Numeric ID (admin scope) or contact external_id (project scope) — the route resolves both.
"cust-9f4b21"
Response
A new contact session token.
A short-lived contact session token. Tokens are bound to one project and one contact, expire after 15 minutes, and are not refreshable.
Short-lived signed token that scopes subsequent calls to this contact. Pass in the X-Spotzee-Contact-Token header alongside a publishable key (pk_…) to call the preference-centre endpoints. Treat as bearer credentials — never log or persist.
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Token expiry. ISO 8601. Tokens are not refreshable — issue a new one when expired.
"2026-04-29T18:30:00.000Z"
Was this page helpful?