Skip to content

Developers

The API behind the back office.

Everything your firm runs on Shrkity — services, orders, clients, companies, billing — is reachable over one REST API. Connect your ERP, sync your CRM, or create orders straight from your own systems. Same engine, same audit trail, your code.

Protocol
REST + JSON, versioned at /api/v1
Keys
Scoped, IP-restrictable keys
Retries
Idempotent retries built in
Your first call
curl https://api.shrkity.com/api/v1/orders \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: order-7f3a" \
  -d '{
    "service_definition_id": 18,
    "company_id": 42
  }'

# 201 Created
{
  "id": 1208,
  "status": "pending",
  "steps": [ …instantiated from your workflow… ]
}

A real order, created through the same engine the desktop uses — steps, SLA clocks and audit included.

Guide

From key to first order in minutes.

API access is part of the Scale and Enterprise plans. Keys are minted by your workspace owner inside the desktop app, scoped to exactly what your integration needs, and shown once.

01

Mint a key

In Shrkity Business, open Settings · Organization · API Access and create a key. Pick its scopes, optionally pin it to your servers' IPs, and copy the secret — it is shown exactly once.

02

Authenticate

Send the key on every request as Authorization: Bearer shk_live_… or in the X-Api-Key header. Server to server only — never from a browser or mobile app.

03

Make your first call

List your published services with GET /services, then create an order against one. Every response mirrors what your team sees on the desktop.

04

Ship safely

Send an Idempotency-Key on writes so retries never duplicate work, watch the rate-limit headers, and rotate keys by minting a new one and revoking the old.

Base URL https://api.shrkity.com/api/v1 Your exact base URL is shown in the API Access tab.

Authentication

A key is a credential,
not a password you reuse.

Keys act for your whole organization within the scopes you grant them. Shrkity stores only a hash — if a key is lost, revoke it and mint another.

Scoped by resource. orders:write can create orders; it cannot touch coupons. Grant only what the integration needs.

IP-restrictable. Pin a key to your servers' IPs or CIDR ranges; calls from anywhere else are refused.

Plan-enforced, instantly revocable. Access is re-checked on every request, and a revoked key stops working within a minute everywhere.

Authenticate
# bearer token (recommended)
curl https://api.shrkity.com/api/v1/services \
  -H "Authorization: Bearer shk_live_…"

# or the X-Api-Key header
curl https://api.shrkity.com/api/v1/services \
  -H "X-Api-Key: shk_live_…"

Keys look like shk_live_ followed by 40 characters. Anything else is rejected before it touches your data.

Errors

Every error is JSON with a human message and, where it helps your code branch, a machine code. Authentication and authorization failures always name their reason.

invalid_api_key
401

The key is unknown, malformed, revoked (revoked_api_key) or expired (expired_api_key).

plan_required
403

The workspace's current plan does not include API access.

ip_not_allowed
403

The key is pinned to specific source IPs and this call came from elsewhere.

insufficient_scope
403

The key lacks the required grant; the response names it in required_scope.

422
validation

The request body failed validation; the message says exactly what to fix.

429
rate limit

Too many requests; back off for Retry-After seconds.

Error shape
{
  "message": "The API key does not have the required scope.",
  "code": "insufficient_scope",
  "required_scope": "orders:write"
}

Pagination

Every list takes page (default 1) and per_page (default 10, max 200) and returns a meta object beside the data. Walk pages until has_next is false.

GET /orders?page=2&per_page=50
{
  "data": [ …50 orders… ],
  "meta": {
    "total": 412,
    "per_page": 50,
    "current_page": 2,
    "last_page": 9,
    "has_next": true,
    "has_previous": true
  }
}

Idempotency

Networks fail mid-request. Send an Idempotency-Key header on any POST and the first successful response is held for 24 hours; an identical retry gets the stored response back — flagged with Idempotency-Replayed: true — instead of creating a duplicate.

Use a stable value per logical action, like your own order reference. New action, new key.

Retry-safe create
curl https://api.shrkity.com/api/v1/orders \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Idempotency-Key: erp-po-10422" \
  -d '{ "service_definition_id": 18, "company_id": 42 }'

# run it twice — one order exists.

Rate limits

Each key may make 120 requests per minute. Every response carries your remaining budget; a 429 tells you exactly how long to wait. Order creation is additionally subject to your plan's monthly order allowance.

Response headers
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 117
# on 429 only:
Retry-After: 21

Versioning

The contract is the URL. Responses under /api/v1 only ever gain fields; nothing is renamed or removed within v1. A breaking change means a parallel /api/v2 with a deprecation window, never a silent edit. Build against the fields you use and ignore the rest.

Reference

Every endpoint, by resource.

Generated from the same OpenAPI document the platform serves at /api/v1/openapi.json, so what you read here is what the server enforces.

Services

Published service catalog (read-only).

3 endpoints

List published services

Scope: services:read

Parameters

search
query · string

Matches name, Arabic name, or code

200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/services \
  -H "Authorization: Bearer shk_live_…"

The list fields plus starts_at_price (whether the price depends on runtime choices) and the eligibility checks that will gate an order for this service.

Scope: services:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)404 · Error
Example request
curl https://api.shrkity.com/api/v1/services/{id} \
  -H "Authorization: Bearer shk_live_…"

Aggregated across the workflow's document steps, in execution order. Use it to collect files from your side before or while the order runs.

Scope: services:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)404 · Error
Example request
curl https://api.shrkity.com/api/v1/services/{id}/required-documents \
  -H "Authorization: Bearer shk_live_…"

Orders

Service requests.

8 endpoints

List orders

Scope: orders:read

Parameters

status
query · string

company_id
query · integer

service_definition_id
query · integer

priority
query · string

search
query · string

created_from
query · string

created_to
query · string

200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/orders \
  -H "Authorization: Bearer shk_live_…"

Creates a service request for a published service. Subject to the plan's monthly order limit (422 when reached). Supports Idempotency-Key.

Scope: orders:write

Body fields

service_definition_id
integer · required

A published service (see GET /services)

company_id
integer

Required when the service requires a company context

company_employee_id
integer

The worker the order is for, when the service requires an employee

priority
string · low | normal | high | urgent

201 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)422 · Error
Example request
curl https://api.shrkity.com/api/v1/orders \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "service_definition_id": 42,
    "company_id": 42,
    "company_employee_id": 42,
    "priority": "low"
  }'

Get an order with its steps and price breakdown

Scope: orders:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)404 · Error
Example request
curl https://api.shrkity.com/api/v1/orders/{id} \
  -H "Authorization: Bearer shk_live_…"

Update an order

Scope: orders:write

Parameters

id
path · integer · required

Body fields

priority
string · low | normal | high | urgent

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/orders/{id} \
  -X PATCH \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "priority": "low"
  }'

Get one step of an order

Scope: orders:read

Parameters

id
path · integer · required

step_key
path · string · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/orders/{id}/steps/{step_key} \
  -H "Authorization: Bearer shk_live_…"

Cancel an order

Scope: orders:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/orders/{id}/cancel \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Apply a coupon code to an order

Scope: orders:write

Parameters

id
path · integer · required

Body fields

code
string · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/orders/{id}/apply-coupon \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "WELCOME10"
  }'

Remove the applied coupon from an order

Scope: orders:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/orders/{id}/coupon \
  -X DELETE \
  -H "Authorization: Bearer shk_live_…"

Clients

Tenant clients.

3 endpoints

List clients

Scope: clients:read
200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/clients \
  -H "Authorization: Bearer shk_live_…"

Create a client

Scope: clients:write

Body fields

name
string · required

email
string · required

phone_number
string

201 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)422 · Error
Example request
curl https://api.shrkity.com/api/v1/clients \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Trading Co.",
    "email": "[email protected]",
    "phone_number": "…"
  }'

Update a client

Scope: clients:write

Parameters

client_id
path · integer · required

Body fields

name
string · required

email
string · required

phone_number
string

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/clients/{client_id} \
  -X PUT \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Trading Co.",
    "email": "[email protected]",
    "phone_number": "…"
  }'

Companies

Client companies and their workers.

7 endpoints

List companies

Scope: companies:read
200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/companies \
  -H "Authorization: Bearer shk_live_…"

Create a company

Scope: companies:write

Body fields

Company payload — legal_name, type, and registration fields; see the portal's Add Company form for the field set.

201 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)422 · Error
Example request
curl https://api.shrkity.com/api/v1/companies \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{ …see field reference… }'

Update a company

Scope: companies:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/companies/{id} \
  -X PUT \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{ …see field reference… }'

List a company's workers

Scope: companies:read

Parameters

company_id
path · integer · required

200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers \
  -H "Authorization: Bearer shk_live_…"

Creates a company employee — the person an employee-scoped order is for. Field set mirrors the portal's Add Worker form.

Scope: companies:write

Parameters

company_id
path · integer · required

201 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)422 · Error
Example request
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{ …see field reference… }'

Update a worker

Scope: companies:write

Parameters

company_id
path · integer · required

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers/{id} \
  -X PATCH \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{ …see field reference… }'

Remove a worker

Scope: companies:write

Parameters

company_id
path · integer · required

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers/{id} \
  -X DELETE \
  -H "Authorization: Bearer shk_live_…"

Packages

Tenant-authored packages (read-only).

2 endpoints

List packages

Scope: packages:read
200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/packages \
  -H "Authorization: Bearer shk_live_…"

Get a package

Scope: packages:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/packages/{id} \
  -H "Authorization: Bearer shk_live_…"

Subscriptions

Package subscriptions.

7 endpoints

List package subscriptions

Scope: subscriptions:read
200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/subscriptions \
  -H "Authorization: Bearer shk_live_…"

Assign a package subscription

Scope: subscriptions:write

Body fields

package_id plus the holder (company_id or client user), mirroring the portal's Assign flow.

201 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/subscriptions \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{ …see field reference… }'

Get a subscription with allocations

Scope: subscriptions:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/subscriptions/{id} \
  -H "Authorization: Bearer shk_live_…"

Pause an active subscription

Scope: subscriptions:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)409 · Error
Example request
curl https://api.shrkity.com/api/v1/subscriptions/{id}/pause \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Resume a paused subscription

Scope: subscriptions:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)409 · Error
Example request
curl https://api.shrkity.com/api/v1/subscriptions/{id}/resume \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Cancel a subscription

Scope: subscriptions:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)409 · Error
Example request
curl https://api.shrkity.com/api/v1/subscriptions/{id}/cancel \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Renew an expired renewable subscription

Scope: subscriptions:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)409 · Error
Example request
curl https://api.shrkity.com/api/v1/subscriptions/{id}/renew \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Coupons

Discount coupons.

6 endpoints

List coupons

Scope: coupons:read
200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/coupons \
  -H "Authorization: Bearer shk_live_…"

Create a coupon

Scope: coupons:write

Body fields

code
string · required

name
string · required

description
string

discount_type
string · fixed | percentage · required

discount_value
number · required

max_discount_amount
number

min_order_amount
number

valid_from
string

valid_until
string

usage_limit_total
integer

usage_limit_per_subject
integer

is_active
boolean

201 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)422 · Error
Example request
curl https://api.shrkity.com/api/v1/coupons \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "WELCOME10",
    "name": "Acme Trading Co.",
    "discount_type": "fixed",
    "discount_value": 250,
    "description": "…"
  }'

Get a coupon

Scope: coupons:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/coupons/{id} \
  -H "Authorization: Bearer shk_live_…"

Update a coupon

Scope: coupons:write

Parameters

id
path · integer · required

Body fields

code
string · required

name
string · required

description
string

discount_type
string · fixed | percentage · required

discount_value
number · required

max_discount_amount
number

min_order_amount
number

valid_from
string

valid_until
string

usage_limit_total
integer

usage_limit_per_subject
integer

is_active
boolean

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/coupons/{id} \
  -X PATCH \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "WELCOME10",
    "name": "Acme Trading Co.",
    "discount_type": "fixed",
    "discount_value": 250,
    "description": "…"
  }'

Delete a coupon

Scope: coupons:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/coupons/{id} \
  -X DELETE \
  -H "Authorization: Bearer shk_live_…"

List a coupon's redemptions

Scope: coupons:read

Parameters

id
path · integer · required

200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/coupons/{id}/redemptions \
  -H "Authorization: Bearer shk_live_…"

Quotations

Bespoke priced proposals.

5 endpoints

List quotations

Scope: quotations:read
200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/quotations \
  -H "Authorization: Bearer shk_live_…"

Create a quotation

Scope: quotations:write

Body fields

Recipient + line items, mirroring the portal's New Quotation form.

201 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/quotations \
  -X POST \
  -H "Authorization: Bearer shk_live_…" \
  -H "Content-Type: application/json" \
  -d '{ …see field reference… }'

Get a quotation

Scope: quotations:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/quotations/{id} \
  -H "Authorization: Bearer shk_live_…"

Send a quotation to its recipient

Scope: quotations:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/quotations/{id}/send \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Withdraw a sent quotation

Scope: quotations:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/quotations/{id}/withdraw \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Invoices

System-issued invoices (read-only).

3 endpoints

List invoices

Scope: invoices:read
200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/invoices \
  -H "Authorization: Bearer shk_live_…"

Get an invoice

Scope: invoices:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)
Example request
curl https://api.shrkity.com/api/v1/invoices/{id} \
  -H "Authorization: Bearer shk_live_…"

Get an invoice's PDF (302 to the file)

Scope: invoices:read

Parameters

id
path · integer · required

302 · Redirect to the rendered PDF
Example request
curl https://api.shrkity.com/api/v1/invoices/{id}/pdf \
  -H "Authorization: Bearer shk_live_…"

Connections

Client-to-tenant connection requests.

4 endpoints

List connection requests and active connections

Scope: connections:read

Parameters

status
query · string

e.g. pending, active, rejected, revoked

200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/connections \
  -H "Authorization: Bearer shk_live_…"

The client gains access to the shared record; orders and documents start flowing.

Scope: connections:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)409 · Error
Example request
curl https://api.shrkity.com/api/v1/connections/{id}/approve \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Optionally pass {"reason": "…"}.

Scope: connections:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)409 · Error
Example request
curl https://api.shrkity.com/api/v1/connections/{id}/reject \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Ends the relationship; optionally pass {"reason": "…"}.

Scope: connections:write

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)409 · Error
Example request
curl https://api.shrkity.com/api/v1/connections/{id}/revoke \
  -X POST \
  -H "Authorization: Bearer shk_live_…"

Documents

Customer compliance document records (read-only).

2 endpoints

Document records across the companies you serve: CR, licenses, Iqama and other compliance items with status and expiry. Combine company_id with expiring_soon=true (or expires_from/expires_to) for the renewal pipeline.

Scope: documents:read

Parameters

company_id
query · integer

company_employee_id
query · integer

document_type_id
query · integer

status
query · string

expiring_soon
query · boolean

Only documents inside their renewal window

expires_from
query · string

expires_to
query · string

search
query · string

200 · Paginated list
Example request
curl https://api.shrkity.com/api/v1/documents \
  -H "Authorization: Bearer shk_live_…"

Get a document record

Scope: documents:read

Parameters

id
path · integer · required

200 · Single resource (shape mirrors the portal's response for the same resource; fields are additive-only within v1)404 · Error
Example request
curl https://api.shrkity.com/api/v1/documents/{id} \
  -H "Authorization: Bearer shk_live_…"

Ready to build on Shrkity?

API access ships with the Scale and Enterprise plans. Mint your first key from the desktop app and your systems are talking to your back office today.