Authentication
All API requests require an API key in the Authorization header:
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Generate API keys in Settings → APIs & Webhooks.
Base URL: https://app.360onboard.com/api/v1
API Endpoints
List Campaigns
Get all published onboarding campaigns.
GET /api/v1/campaigns
Response:
{
"campaigns": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Client Onboarding Flow",
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}
List Clients
Get all clients, optionally filtered by campaign.
GET /api/v1/clients?campaign_id={campaign_id}
Response:
{
"clients": [
{
"id": "770e8400-e29b-41d4-a716-446655440002",
"campaign_id": "550e8400-e29b-41d4-a716-446655440000",
"first_name": "John",
"last_name": "Doe",
"email": "john@example.com",
"company_name": "Acme Corp",
"phone": "+1234567890",
"created_at": "2024-01-15T09:00:00Z"
}
]
}
Add Client
Create a new client and add them to a campaign.
POST /api/v1/clients
Request Body:
{
"campaign_id": "550e8400-e29b-41d4-a716-446655440000",
"first_name": "John",
"last_name": "Doe",
"email": "john@example.com",
"company_name": "Acme Corp",
"phone": "+1234567890"
}
Required: campaign_id, email
Response:
{
"client": {
"id": "770e8400-e29b-41d4-a716-446655440002",
"campaign_id": "550e8400-e29b-41d4-a716-446655440000",
"first_name": "John",
"last_name": "Doe",
"email": "john@example.com",
"company_name": "Acme Corp",
"phone": "+1234567890",
"link": "https://app.360onboard.com/c/abc123xyz789",
"created_at": "2024-01-15T09:00:00Z"
}
}
Webhooks
Receive real-time notifications when events occur in your account.
Setup
Configure webhooks in Settings → APIs & Webhooks → Webhooks.
Supported Events
client.created- New client added to campaignflow.created- Campaign publishedclient.completed- Client finished onboarding
Webhook Format
All webhooks are POST requests with:
Headers:
Content-Type: application/json
X-360onboard-Signature: sha256=<signature>
X-360onboard-Event: <event_type>
Body:
{
"event": "client.created",
"data": {
"client_id": "770e8400-e29b-41d4-a716-446655440002",
"campaign_id": "550e8400-e29b-41d4-a716-446655440000",
"campaign_name": "Client Onboarding Flow",
"first_name": "John",
"last_name": "Doe",
"email": "john@example.com",
"company_name": "Acme Corp",
"phone": "+1234567890",
"link": "https://app.360onboard.com/c/abc123xyz789",
"created_at": "2024-01-15T09:00:00Z"
},
"timestamp": "2024-01-15T09:00:00Z"
}
Verifying Signatures
Always verify webhook signatures to ensure authenticity.
Node.js:
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const signatureValue = signature.replace('sha256=', '');
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(JSON.stringify(payload))
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signatureValue),
Buffer.from(expectedSignature)
);
}
Python:
import hmac
import hashlib
import json
def verify_webhook(payload, signature, secret):
signature_value = signature.replace('sha256=', '')
expected_signature = hmac.new(
secret.encode('utf-8'),
json.dumps(payload, separators=(',', ':')).encode('utf-8'),
hashlib.sha256
).hexdigest()
return hmac.compare_digest(signature_value, expected_signature)
Error Handling
Standard HTTP status codes:
- 200 - Success
- 201 - Created
- 400 - Bad request
- 401 - Unauthorized
- 404 - Not found
- 429 - Rate limit exceeded (100 requests/minute)
- 500 - Server error
Error Response:
{
"error": "Error message",
"details": "Additional details"
}
Quick Start Example
const API_KEY = 'sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
const BASE_URL = 'https://app.360onboard.com/api/v1';
// Add a client
const response = await fetch(`${BASE_URL}/clients`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${API_KEY}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
campaign_id: '550e8400-e29b-41d4-a716-446655440000',
first_name: 'John',
last_name: 'Doe',
email: 'john@example.com'
})
});
const { client } = await response.json();
console.log('Onboarding link:', client.link);
Support: david@360onboard.com