Pillar

API Access

A complete RESTful API with over 200 endpoints across 40+ modules. Integrate Pillar with your existing tools, build custom workflows, or extend the platform to fit your exact needs.

200+ Endpoints | OpenAPI Docs | JWT Auth | Rate Limiting
api-request.sh

    GET /api/jobs?status=IN_PROGRESS
    Authorization: Bearer <access_token>

    // Response 200
    {
      "data": [
        {
          "id": "a1b2c3...",
          "job_number": "JOB-2026-00042",
          "status": "IN_PROGRESS",
          "customer": { ... }
        }
      ],
      "total": 12
    }

A production-ready API for your integrations

Connect Pillar to accounting systems, marketing tools, internal dashboards, or anything else your business relies on.

RESTful Architecture

Standard HTTP methods and JSON responses. If your team can call a REST API, they can use Pillar.

OpenAPI Documentation

Auto-generated Swagger docs at /api/docs. Browse schemas, view examples, and test calls directly.

JWT Authentication

Short-lived access tokens with automatic refresh. Role-based access control on every endpoint.

Rate Limiting

Global and per-endpoint rate limits prevent abuse while keeping normal usage uninterrupted.

Tenant Data Isolation

Every API call is scoped to your company. You can never accidentally access another tenant's data.

Input Validation

Strict schema validation on every request. Unknown fields are rejected, and types are enforced automatically.

Coverage

50+ public endpoints across every module

Every core feature in Pillar is accessible through the API. Create jobs, manage customers, generate invoices, schedule appointments, and more — all programmatically.

Jobs & Appointments
Customers
Estimates & Invoices
Technicians & Skills
Equipment & Warranty
Time Entries
Price Book & Formulas
Communications
Sample Endpoints
GET /jobs?status=SCHEDULED
POST /customers
PUT /estimates/:id
GET /technicians/:id/schedule
POST /invoices/:id/payments
GET /time-entries?user_id=...
DELETE /equipment/:id
PATCH /jobs/:id/status

40+ modules with full CRUD operations

Authentication Flow
1. Authenticate

Send credentials to receive a JWT access token and refresh token.

POST /auth/login { email, password }

2. Include token in requests

Pass the access token as a Bearer token in the Authorization header.

Authorization: Bearer <access_token>

3. Automatic refresh

When the 15-minute access token expires, use the 7-day refresh token to get a new one.

POST /auth/refresh { refresh_token }

4. Scoped by role

Each endpoint enforces role-based access. Owners see everything; technicians see their own data.
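
The flow above from the client side, as an added example that is not Pillar's own code: a session wrapper that sends the Bearer token, refreshes once when the access token is rejected, and funnels concurrent refreshes through a single in-flight call so a rotated refresh token is never presented twice. Assumptions not stated on the page: the response field names `access_token` and `refresh_token`, a 401 status for an expired access token, and the injected `send` transport with its in-memory stand-in `fakeApi`.

```javascript
// Added example. Assumed, not from the page: response fields access_token and
// refresh_token, 401 on an expired access token, and the `send` transport shape.
class PillarSession {
  constructor(send) { this.send = send; this.tokens = null; this.refreshing = null; }

  async login(email, password) {
    const res = await this.send('POST', '/auth/login', {}, { email, password });
    if (res.status !== 200) throw new Error('login failed: ' + res.status);
    this.tokens = res.body;
  }

  // Single-flight refresh: concurrent callers share one in-flight promise.
  refresh() {
    if (!this.refreshing) {
      const body = { refresh_token: this.tokens.refresh_token };
      this.refreshing = this.send('POST', '/auth/refresh', {}, body)
        .then((res) => {
          if (res.status !== 200) { this.tokens = null; throw new Error('re-login required'); }
          this.tokens = res.body; // store the rotated pair
        })
        .finally(() => { this.refreshing = null; });
    }
    return this.refreshing;
  }

  async request(method, path, body) {
    if (!this.tokens) throw new Error('not logged in');
    const call = () => this.send(method, path,
      { Authorization: 'Bearer ' + this.tokens.access_token }, body);
    let res = await call();
    if (res.status === 401) { await this.refresh(); res = await call(); } // retry once only
    return res;
  }
}

// Constructed in-memory stand-in for the API so the example runs offline.
function fakeApi() {
  const state = { n: 0, access: null, refresh: null, refreshCalls: 0 };
  const issue = () => { state.n += 1; state.access = 'a' + state.n; state.refresh = 'r' + state.n;
    return { status: 200, body: { access_token: state.access, refresh_token: state.refresh } }; };
  const send = async (method, path, headers, body) => {
    if (path === '/auth/login') return issue();
    if (path === '/auth/refresh') { state.refreshCalls += 1;
      return body.refresh_token === state.refresh ? issue() : { status: 401, body: {} }; }
    if (headers.Authorization !== 'Bearer ' + state.access) return { status: 401, body: {} };
    return { status: 200, body: { data: [], total: 0 } };
  };
  return { send, state, expire: () => { state.access = null; } };
}
```

In a real integration, `send` would wrap the HTTP client and tokens would be kept out of logs and persistent browser storage.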

Security

JWT authentication with RBAC

Every API call is authenticated with short-lived JWT access tokens and automatic refresh. Role-based access control ensures each request only sees what it should.

Four access roles

Owner, Dispatcher, Technician, and Customer — each with distinct endpoint permissions.

Feature flag guards

Tier-gated features return 403 if not enabled, preventing unauthorized access to premium modules.

bcrypt password hashing

Passwords are salted and hashed. Plain-text credentials never touch the database.

CORS configuration

Allowed origins are explicitly configured per environment with credentials support.

Built for reliability and data safety

Rate limiting, input validation, and tenant isolation are enforced at every layer — not just at the edge.

Global rate limiting

100 requests per 60 seconds per IP, with stricter limits on sensitive endpoints like auth.

Strict input validation

All DTOs validated with schema rules. Unknown properties are rejected, required fields enforced.

Multi-tenant isolation

Every database table includes company_id. A global interceptor enforces tenant scoping automatically.

Subscription enforcement

If a subscription is suspended, write operations return 402. Read access remains available.

Refresh token rotation

Access tokens expire in 15 minutes. Refresh tokens last 7 days and use a mutex to prevent race conditions.

Audit logging

Security events — logins, role changes, account actions — are logged with IP, user agent, and correlation IDs.

Documentation

Auto-generated OpenAPI docs

Full Swagger documentation is generated directly from the codebase and always reflects the current API surface. Browse endpoints, view request/response schemas, and test calls from the browser.

Interactive Swagger UI

Browse all endpoints, expand request/response schemas, and test API calls directly in the browser.

Always current

Documentation is generated from the source code and decorators — it cannot drift from the actual API.

Schema definitions

Every request body and response type is fully typed with required/optional fields, enums, and examples.

Pillar API

OpenAPI 3.0 specification

v1.0

Jobs: 14 endpoints
Customers: 8 endpoints
Estimates: 12 endpoints
Invoices & Payments: 16 endpoints
Technicians: 10 endpoints

+ 35 more modules

Available on the Enterprise plan

API Access is included with the Enterprise plan at $199/month. All new accounts start with a 14-day free trial on Enterprise, so you can test the API immediately.

Ready to explore the API?

Request a demo and we will walk through authentication, endpoints, and integration patterns for your use case.