The Slant public API lets you read and manage CRM records (households, people, tasks, meetings, and more) from outside the app.

Base URL

https://api.slant.app/v1

Authentication

Every request must include an Authorization header using the Bearer scheme:
Authorization: Bearer slnt_pat_<token>
The scheme must be exactly Bearer — other schemes (Token, Basic, or a bare token) return 401 token_missing. Tokens are issued from the API tokens settings page. Personal access tokens are read-only by default — message support to request write access for a specific token. Write requests (POST, PUT, PATCH, DELETE) made with a read-only token return 403 token_read_only.

Quickstart

Verify your token with a request to /v1/me, which returns the currently authenticated user:
curl https://api.slant.app/v1/me \
  -H "Authorization: Bearer slnt_pat_..."
{
  "id": "abc123xyz",
  "email": "you@example.com",
  "first_name": "Jane",
  "last_name": "Doe"
}

Rate limits

Every request is checked against three buckets. The strictest bucket wins, and requests that exceed a limit return 429 Too Many Requests.
| Bucket | Personal access token | OAuth app (default) |
| --- | --- | --- |
| Per token / per user | 1,000 req / hr | 500 req / hr |
| Per company / per app | 10,000 req / hr | 1,000 req / hr |
| Per IP | 10,000 req / hr | 10,000 req / hr |

Idempotency

Safely retry POST requests by including an Idempotency-Key header with a unique value (a UUID works well):
curl -X POST https://api.slant.app/v1/prospects \
  -H "Authorization: Bearer slnt_pat_..." \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
  -d '{ "book_id": "...", "first_name": "Jane", "last_name": "Doe" }'
A repeated request with the same key and body returns the cached response instead of creating a duplicate. Keys live for 1 hour by default and are scoped per endpoint — the same key on a different path creates a fresh record. 5xx responses are never cached, so retries after a server error always re-execute.
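
The retry behaviour described above, as an added example (not Slant's own code): a Python helper that generates one Idempotency-Key per logical POST and reuses it, with a byte-identical body, across retries after 429, 5xx or a lost response. The `send` and `pause` hooks and the in-memory `FakeSlant` server are hypothetical; its 201 status and record ids are constructed values.

```python
import json
import uuid

def post_with_retry(send, path, body, token, max_attempts=4, pause=lambda s: None):
    """POST once logically: every retry reuses the same key and identical body.

    `send(method, path, headers, data) -> (status, payload)` is a hypothetical
    transport hook; `pause` receives the backoff in seconds (e.g. time.sleep).
    """
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",    # without it the body is ignored
        "Idempotency-Key": str(uuid.uuid4()),  # generated once, not per attempt
    }
    data = json.dumps(body, sort_keys=True)    # same bytes on every attempt
    status, payload = None, None
    for attempt in range(1, max_attempts + 1):
        try:
            status, payload = send("POST", path, headers, data)
        except TimeoutError:                   # outcome unknown: retry with same key
            status, payload = None, None
        if status is not None and status != 429 and status < 500:
            return status, payload, attempt    # success or a non-retryable 4xx
        pause(min(2 ** attempt, 30))
    return status, payload, max_attempts

class FakeSlant:
    """Constructed in-memory stand-in for the documented idempotency rules."""
    def __init__(self, faults=()):
        self.faults = list(faults)             # per-call: "503" or "drop"
        self.records, self.cache = [], {}

    def send(self, method, path, headers, data):
        fault = self.faults.pop(0) if self.faults else None
        if fault == "503":
            return 503, {}                     # 5xx: nothing stored, never cached
        slot = (path, headers["Idempotency-Key"])   # keys are scoped per endpoint
        if slot not in self.cache:
            self.records.append(json.loads(data))
            # 201 and the id format are assumptions, not documented values
            self.cache[slot] = (201, {"id": f"rec{len(self.records)}"})
        if fault == "drop":
            raise TimeoutError("response lost after the write")
        return self.cache[slot]

if __name__ == "__main__":
    api = FakeSlant(faults=["503", "drop"])
    prospect = {"book_id": "book-placeholder", "first_name": "Jane", "last_name": "Doe"}
    print(post_with_retry(api.send, "/v1/prospects", prospect, "slnt_pat_PLACEHOLDER"))
    print(len(api.records), "record(s) created")
```

Generating a fresh key on each attempt would defeat the cache: the retry after the lost response would then create a second prospect.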

Request format

Requests with a body (POST, PUT, PATCH) must include Content-Type: application/json. Without it, the body is ignored and your fields come through empty. A malformed JSON body returns 400 invalid_json.

Conventions

  • Pagination — list endpoints accept page (default 1) and per_page (default 25, max 100). Responses include { data: [...], pagination: { current_page, total_pages, total_count, per_page } }.
  • IDs — all IDs are opaque strings. Use them as-is.
  • Book scoping — most endpoints accept an optional book_id query parameter. A “book” is an advisor’s workspace. Use GET /v1/books to list the books your token can see.
  • Timestamps — ISO 8601.

Errors

Errors are returned as { "error": "<code>", "detail": "<message>" } with the appropriate HTTP status.
| Code | Status | When it happens |
| --- | --- | --- |
| token_missing | 401 | Authorization header is missing or doesn’t use the Bearer scheme |
| token_invalid | 401 | Token can’t be verified (expired, revoked, or malformed) |
| token_read_only | 403 | Read-only token attempted a write request |
| invalid_json | 400 | Request body isn’t valid JSON |
| parameter_missing | 422 | A required parameter is missing from the request |
| record_invalid | 422 | Validation failed on the record being created or updated |
| record_not_found | 404 | The referenced record doesn’t exist or isn’t visible to your token |