API Access
A dedicated external API with 35 endpoints across 10 resources. Integrate Pillar with your existing tools, build custom workflows, or connect through Zapier — all with API key authentication and scoped permissions.
GET /api/v1/jobs?status=IN_PROGRESS
X-API-Key: pllr_live_...
// Response 200
{
"data": [
{
"id": "a1b2c3...",
"job_number": "JOB-2026-00042",
"status": "IN_PROGRESS",
"customer": { ... }
}
],
"meta": { "hasMore": true }
}
A production-ready API for your integrations
Connect Pillar to accounting systems, marketing tools, internal dashboards, or anything else your business relies on.
RESTful Architecture
Standard HTTP methods and JSON responses across 10 resource modules. If your team can call a REST API, they can use Pillar.
Interactive Swagger Docs
OpenAPI documentation at /api/v1/docs. Browse schemas, view examples, and test calls directly in the browser.
API Key Authentication
Create keys in the Developer Portal with 15 scoped permissions like customers:read and jobs:write. Keys are stored as SHA-256 hashes.
Outbound Webhooks
Subscribe to 20 event types and receive real-time notifications. Every payload is signed with HMAC-SHA256 for verification.
Tenant Data Isolation
Every API call is scoped to your company. You can never accidentally access another tenant's data.
Zapier Integration
6 triggers, 5 actions, and 3 searches available out of the box. Connect Pillar to thousands of apps without writing code.
35 endpoints across 10 resources
The v1 External API covers every core resource in Pillar. Create jobs, manage customers, generate invoices, track equipment, and more — all programmatically.
10 resource modules with cursor-based pagination
Create an API key
Generate a key in the Developer Portal with the permission scopes you need.
Include the key in requests
Pass the API key via the X-API-Key header or as a Bearer token in the Authorization header.
Scoped permissions
15 permission scopes like customers:read, jobs:write, and invoices:read let you control exactly what each key can access.
Rotate and revoke
Keys are shown once at creation and stored as SHA-256 hashes. Rotate or revoke any key at any time without disrupting other integrations.
API key authentication with scoped permissions
Create API keys in the Developer Portal with fine-grained permission scopes. Keys are shown once at creation and stored as SHA-256 hashes. Rotate or revoke keys at any time without downtime.
15 permission scopes
Fine-grained scopes like customers:read, jobs:write, invoices:read, and webhooks:manage. Grant only the access each integration needs.
Developer Portal
Account owners manage API keys, webhooks, and usage analytics from a dedicated portal with a Getting Started guide.
Secure key storage
API keys are displayed once at creation. Only SHA-256 hashes are stored — plain-text keys never persist in the database.
Multi-tenant isolation
Every query is automatically scoped to your company. Tenant context is enforced at the platform level, not per-endpoint.
Built for reliability and data safety
Rate limiting, input validation, and tenant isolation are enforced at every layer — not just at the edge.
Rate limiting
1,000 requests per minute per API key. X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers on every response.
Input validation
Every request validated against strict schemas. Unknown properties are rejected, required fields enforced.
Cursor-based pagination
Consistent envelope responses with cursor-based pagination. No missing or duplicate records across pages.
Subscription enforcement
Suspended accounts receive a 402 response until billing is resolved. Active subscriptions have full access.
Structured error responses
Every error returns a consistent { error: { code, message, details } } envelope for reliable error handling in your code.
Audit logging
Security events — logins, role changes, account actions — are logged with full context for compliance.
Interactive Swagger documentation
Full OpenAPI documentation is always available at /api/v1/docs. Browse endpoints, view request/response schemas, and test calls directly from the browser.
Interactive Swagger UI
Browse all endpoints, expand request/response schemas, and test API calls directly in the browser at /api/v1/docs.
Always current
Documentation is generated from the source code and decorators — it cannot drift from the actual API.
Schema definitions
Every request body and response type is fully typed with required/optional fields, enums, and examples.
Pillar External API
OpenAPI 3.0 specification
+ 5 more resources
Webhooks and Zapier integration
Subscribe to 20 event types and receive real-time notifications when data changes in Pillar. Every webhook payload is signed with HMAC-SHA256 so you can verify authenticity.
HMAC-SHA256 signatures
Every webhook payload includes a signature header so you can verify it came from Pillar, not a third party.
20 event types
Customer, job, invoice, estimate, equipment, appointment, and payment events — covering every core resource.
Zapier integration
6 triggers, 5 actions, and 3 searches let you connect Pillar to thousands of apps without writing any code.
Webhook management API
Create, update, list, and delete webhook subscriptions programmatically through 4 dedicated endpoints.
20 subscribable event types
Available on the Enterprise plan
ProAPI Access is included with the Enterprise plan at $199/month ($159/month with annual billing). All new accounts start with a 14-day free trial on Enterprise, so you can test the API immediately.
Related features
API Access works alongside these platform capabilities.
Ready to explore the API?
Request a demo and we will walk through authentication, endpoints, and integration patterns for your use case.