Platform API
Programmatic management of your SuitePortal platform — organizations, syncs, agents, payments, and more.
The Platform API gives you full CRUD access to your SuitePortal configuration. Manage organizations, sync configs, views, agents, payments, and portal settings programmatically.
Platform API vs Public API
SuitePortal has two APIs that serve different purposes:
| Platform API | Public API | |
|---|---|---|
| Purpose | Manage the platform itself | Query synced NetSuite data |
| Base path | /api/platform/v1/ | /api/public/{version}/ |
| Auth | Session, OAuth2 bearer, or API key | Tenant API key |
| Data | PostgreSQL (orgs, syncs, agents, etc.) | MongoDB (invoices, orders, items) |
| Access | Tenant admins, SDK, agents | End-customers, integrations |
What you can do
- Organizations — list, update, manage members, roles, and invitations
- Syncs — create, update, trigger, and monitor NetSuite sync configurations
- Views — create saved views with email subscriptions
- Agents — provision, start/stop, manage conversations and integrations
- Pay — configure Stripe Connect, list payments and payouts
- API Keys — create and manage keys for the Public API
- Domains — add and verify custom domains
- NetSuite — connect, verify, and manage your NetSuite integration
Quick start
1. Create an API key
Go to Configuration > API in your tenant dashboard, or use the Platform API itself once authenticated:
POST /api/platform/v1/api-keys
{ "name": "My Integration" }Your key will start with sp_ — save it, it's only shown once.
2. Make your first request
curl -H "Authorization: Bearer sp_live_abc123..." \
https://suiteportal.io/api/platform/v1/whoamiThe /whoami endpoint returns your user, organization, permissions, and resource usage — useful for verifying your key works and understanding your current context.
3. Explore the API reference
The full interactive API reference is auto-generated from OpenAPI 3.0 and available at:
Authentication
Three methods, all producing the same result:
| Method | Use case | Header |
|---|---|---|
| Session cookie | Web app (automatic) | (set by browser) |
| API key | SDK, scripts, integrations | Authorization: Bearer sp_... |
| OAuth2 bearer | MCP, AI agents | Authorization: Bearer eyJ... |
All requests are scoped to your active organization. Resources from other organizations are never returned.
Rate limits
All endpoints are rate-limited to 60 requests per minute per user. Rate limit headers are included in every response:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-RateLimit-Reset: 1711843260Response format
All responses follow a consistent shape:
// Success
{
"data": { ... }
}
// Paginated
{
"data": [ ... ],
"pagination": {
"total": 142,
"page": 1,
"pageSize": 25,
"totalPages": 6
}
}
// Error
{
"error": {
"code": "NOT_FOUND",
"message": "Sync config not found"
}
}Next steps
- API Reference — interactive docs with all endpoints
- Platform API Guide — authentication details, examples, and SDK setup