Developers
The
API
behind
the
back
office.
Everything your firm runs on Shrkity — services, orders, clients, companies, billing — is reachable over one REST API. Connect your ERP, sync your CRM, or create orders straight from your own systems. Same engine, same audit trail, your code.
- Protocol
- REST + JSON, versioned at
/api/v1 - Keys
- Scoped, IP-restrictable keys
- Retries
- Idempotent retries built in
curl https://api.shrkity.com/api/v1/orders \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -H "Idempotency-Key: order-7f3a" \ -d '{ "service_definition_id": 18, "company_id": 42 }' # 201 Created { "id": 1208, "status": "pending", "steps": [ …instantiated from your workflow… ] }
A real order, created through the same engine the desktop uses — steps, SLA clocks and audit included.
Guide
From key to first order in minutes.
API access is part of the Scale and Enterprise plans. Keys are minted by your workspace owner inside the desktop app, scoped to exactly what your integration needs, and shown once.
Mint a key
In Shrkity Business, open Settings · Organization · API Access and create a key. Pick its scopes, optionally pin it to your servers' IPs, and copy the secret — it is shown exactly once.
Authenticate
Send the key on every request as Authorization: Bearer shk_live_… or in the X-Api-Key header. Server to server only — never from a browser or mobile app.
Make your first call
List your published services with GET /services, then create an order against one. Every response mirrors what your team sees on the desktop.
Ship safely
Send an Idempotency-Key on writes so retries never duplicate work, watch the rate-limit headers, and rotate keys by minting a new one and revoking the old.
https://api.shrkity.com/api/v1
Your exact base URL is shown in the API Access tab.
Authentication
A key is a credential,
not a password you reuse.
Keys act for your whole organization within the scopes you grant them. Shrkity stores only a hash — if a key is lost, revoke it and mint another.
Scoped by resource. orders:write can create orders; it cannot touch coupons. Grant only what the integration needs.
IP-restrictable. Pin a key to your servers' IPs or CIDR ranges; calls from anywhere else are refused.
Plan-enforced, instantly revocable. Access is re-checked on every request, and a revoked key stops working within a minute everywhere.
# bearer token (recommended) curl https://api.shrkity.com/api/v1/services \ -H "Authorization: Bearer shk_live_…" # or the X-Api-Key header curl https://api.shrkity.com/api/v1/services \ -H "X-Api-Key: shk_live_…"
Keys look like shk_live_ followed by 40 characters. Anything else is rejected before it touches your data.
Errors
Every error is JSON with a human message and, where it helps your code branch, a machine code. Authentication and authorization failures always name their reason.
invalid_api_keyThe key is unknown, malformed, revoked (revoked_api_key) or expired (expired_api_key).
plan_requiredThe workspace's current plan does not include API access.
ip_not_allowedThe key is pinned to specific source IPs and this call came from elsewhere.
insufficient_scopeThe key lacks the required grant; the response names it in required_scope.
422The request body failed validation; the message says exactly what to fix.
429Too many requests; back off for Retry-After seconds.
{
"message": "The API key does not have the required scope.",
"code": "insufficient_scope",
"required_scope": "orders:write"
}
Pagination
Every list takes page (default 1) and per_page (default 10, max 200) and returns a meta object beside the data. Walk pages until has_next is false.
{
"data": [ …50 orders… ],
"meta": {
"total": 412,
"per_page": 50,
"current_page": 2,
"last_page": 9,
"has_next": true,
"has_previous": true
}
}
Idempotency
Networks fail mid-request. Send an Idempotency-Key header on any POST and the first successful response is held for 24 hours; an identical retry gets the stored response back — flagged with Idempotency-Replayed: true — instead of creating a duplicate.
Use a stable value per logical action, like your own order reference. New action, new key.
curl https://api.shrkity.com/api/v1/orders \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Idempotency-Key: erp-po-10422" \ -d '{ "service_definition_id": 18, "company_id": 42 }' # run it twice — one order exists.
Rate limits
Each key may make 120 requests per minute. Every response carries your remaining budget; a 429 tells you exactly how long to wait. Order creation is additionally subject to your plan's monthly order allowance.
X-RateLimit-Limit: 120 X-RateLimit-Remaining: 117 # on 429 only: Retry-After: 21
Versioning
The contract is the URL. Responses under /api/v1 only ever gain fields; nothing is renamed or removed within v1. A breaking change means a parallel /api/v2 with a deprecation window, never a silent edit. Build against the fields you use and ignore the rest.
Reference
Every endpoint, by resource.
Generated from the same OpenAPI document the platform serves at /api/v1/openapi.json, so what you read here is what the server enforces.
Services
Published service catalog (read-only).
List published services
Parameters
search
Matches name, Arabic name, or code
curl https://api.shrkity.com/api/v1/services \ -H "Authorization: Bearer shk_live_…"
The list fields plus starts_at_price (whether the price depends on runtime choices) and the eligibility checks that will gate an order for this service.
Parameters
id
curl https://api.shrkity.com/api/v1/services/{id} \ -H "Authorization: Bearer shk_live_…"
Aggregated across the workflow's document steps, in execution order. Use it to collect files from your side before or while the order runs.
Parameters
id
curl https://api.shrkity.com/api/v1/services/{id}/required-documents \ -H "Authorization: Bearer shk_live_…"
Orders
Service requests.
List orders
Parameters
status
company_id
service_definition_id
priority
search
created_from
created_to
curl https://api.shrkity.com/api/v1/orders \ -H "Authorization: Bearer shk_live_…"
Creates a service request for a published service. Subject to the plan's monthly order limit (422 when reached). Supports Idempotency-Key.
Body fields
service_definition_id
A published service (see GET /services)
company_id
Required when the service requires a company context
company_employee_id
The worker the order is for, when the service requires an employee
priority
curl https://api.shrkity.com/api/v1/orders \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ "service_definition_id": 42, "company_id": 42, "company_employee_id": 42, "priority": "low" }'
Get an order with its steps and price breakdown
Parameters
id
curl https://api.shrkity.com/api/v1/orders/{id} \ -H "Authorization: Bearer shk_live_…"
Update an order
Parameters
id
Body fields
priority
curl https://api.shrkity.com/api/v1/orders/{id} \ -X PATCH \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ "priority": "low" }'
Get one step of an order
Parameters
id
step_key
curl https://api.shrkity.com/api/v1/orders/{id}/steps/{step_key} \ -H "Authorization: Bearer shk_live_…"
Cancel an order
Parameters
id
curl https://api.shrkity.com/api/v1/orders/{id}/cancel \ -X POST \ -H "Authorization: Bearer shk_live_…"
Apply a coupon code to an order
Parameters
id
Body fields
code
curl https://api.shrkity.com/api/v1/orders/{id}/apply-coupon \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ "code": "WELCOME10" }'
Remove the applied coupon from an order
Parameters
id
curl https://api.shrkity.com/api/v1/orders/{id}/coupon \ -X DELETE \ -H "Authorization: Bearer shk_live_…"
Clients
Tenant clients.
List clients
curl https://api.shrkity.com/api/v1/clients \ -H "Authorization: Bearer shk_live_…"
Create a client
Body fields
name
email
phone_number
curl https://api.shrkity.com/api/v1/clients \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ "name": "Acme Trading Co.", "email": "[email protected]", "phone_number": "…" }'
Update a client
Parameters
client_id
Body fields
name
email
phone_number
curl https://api.shrkity.com/api/v1/clients/{client_id} \ -X PUT \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ "name": "Acme Trading Co.", "email": "[email protected]", "phone_number": "…" }'
Companies
Client companies and their workers.
List companies
curl https://api.shrkity.com/api/v1/companies \ -H "Authorization: Bearer shk_live_…"
Create a company
Body fields
Company payload — legal_name, type, and registration fields; see the portal's Add Company form for the field set.
curl https://api.shrkity.com/api/v1/companies \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ …see field reference… }'
Update a company
Parameters
id
curl https://api.shrkity.com/api/v1/companies/{id} \ -X PUT \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ …see field reference… }'
List a company's workers
Parameters
company_id
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers \ -H "Authorization: Bearer shk_live_…"
Creates a company employee — the person an employee-scoped order is for. Field set mirrors the portal's Add Worker form.
Parameters
company_id
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ …see field reference… }'
Update a worker
Parameters
company_id
id
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers/{id} \ -X PATCH \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ …see field reference… }'
Remove a worker
Parameters
company_id
id
curl https://api.shrkity.com/api/v1/companies/{company_id}/workers/{id} \ -X DELETE \ -H "Authorization: Bearer shk_live_…"
Packages
Tenant-authored packages (read-only).
List packages
curl https://api.shrkity.com/api/v1/packages \ -H "Authorization: Bearer shk_live_…"
Get a package
Parameters
id
curl https://api.shrkity.com/api/v1/packages/{id} \ -H "Authorization: Bearer shk_live_…"
Subscriptions
Package subscriptions.
List package subscriptions
curl https://api.shrkity.com/api/v1/subscriptions \ -H "Authorization: Bearer shk_live_…"
Assign a package subscription
Body fields
package_id plus the holder (company_id or client user), mirroring the portal's Assign flow.
curl https://api.shrkity.com/api/v1/subscriptions \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ …see field reference… }'
Get a subscription with allocations
Parameters
id
curl https://api.shrkity.com/api/v1/subscriptions/{id} \ -H "Authorization: Bearer shk_live_…"
Pause an active subscription
Parameters
id
curl https://api.shrkity.com/api/v1/subscriptions/{id}/pause \ -X POST \ -H "Authorization: Bearer shk_live_…"
Resume a paused subscription
Parameters
id
curl https://api.shrkity.com/api/v1/subscriptions/{id}/resume \ -X POST \ -H "Authorization: Bearer shk_live_…"
Cancel a subscription
Parameters
id
curl https://api.shrkity.com/api/v1/subscriptions/{id}/cancel \ -X POST \ -H "Authorization: Bearer shk_live_…"
Renew an expired renewable subscription
Parameters
id
curl https://api.shrkity.com/api/v1/subscriptions/{id}/renew \ -X POST \ -H "Authorization: Bearer shk_live_…"
Coupons
Discount coupons.
List coupons
curl https://api.shrkity.com/api/v1/coupons \ -H "Authorization: Bearer shk_live_…"
Create a coupon
Body fields
code
name
description
discount_type
discount_value
max_discount_amount
min_order_amount
valid_from
valid_until
usage_limit_total
usage_limit_per_subject
is_active
curl https://api.shrkity.com/api/v1/coupons \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ "code": "WELCOME10", "name": "Acme Trading Co.", "discount_type": "fixed", "discount_value": 250, "description": "…" }'
Get a coupon
Parameters
id
curl https://api.shrkity.com/api/v1/coupons/{id} \ -H "Authorization: Bearer shk_live_…"
Update a coupon
Parameters
id
Body fields
code
name
description
discount_type
discount_value
max_discount_amount
min_order_amount
valid_from
valid_until
usage_limit_total
usage_limit_per_subject
is_active
curl https://api.shrkity.com/api/v1/coupons/{id} \ -X PATCH \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ "code": "WELCOME10", "name": "Acme Trading Co.", "discount_type": "fixed", "discount_value": 250, "description": "…" }'
Delete a coupon
Parameters
id
curl https://api.shrkity.com/api/v1/coupons/{id} \ -X DELETE \ -H "Authorization: Bearer shk_live_…"
List a coupon's redemptions
Parameters
id
curl https://api.shrkity.com/api/v1/coupons/{id}/redemptions \ -H "Authorization: Bearer shk_live_…"
Quotations
Bespoke priced proposals.
List quotations
curl https://api.shrkity.com/api/v1/quotations \ -H "Authorization: Bearer shk_live_…"
Create a quotation
Body fields
Recipient + line items, mirroring the portal's New Quotation form.
curl https://api.shrkity.com/api/v1/quotations \ -X POST \ -H "Authorization: Bearer shk_live_…" \ -H "Content-Type: application/json" \ -d '{ …see field reference… }'
Get a quotation
Parameters
id
curl https://api.shrkity.com/api/v1/quotations/{id} \ -H "Authorization: Bearer shk_live_…"
Send a quotation to its recipient
Parameters
id
curl https://api.shrkity.com/api/v1/quotations/{id}/send \ -X POST \ -H "Authorization: Bearer shk_live_…"
Withdraw a sent quotation
Parameters
id
curl https://api.shrkity.com/api/v1/quotations/{id}/withdraw \ -X POST \ -H "Authorization: Bearer shk_live_…"
Invoices
System-issued invoices (read-only).
List invoices
curl https://api.shrkity.com/api/v1/invoices \ -H "Authorization: Bearer shk_live_…"
Get an invoice
Parameters
id
curl https://api.shrkity.com/api/v1/invoices/{id} \ -H "Authorization: Bearer shk_live_…"
Get an invoice's PDF (302 to the file)
Parameters
id
curl https://api.shrkity.com/api/v1/invoices/{id}/pdf \ -H "Authorization: Bearer shk_live_…"
Connections
Client-to-tenant connection requests.
List connection requests and active connections
Parameters
status
e.g. pending, active, rejected, revoked
curl https://api.shrkity.com/api/v1/connections \ -H "Authorization: Bearer shk_live_…"
The client gains access to the shared record; orders and documents start flowing.
Parameters
id
curl https://api.shrkity.com/api/v1/connections/{id}/approve \ -X POST \ -H "Authorization: Bearer shk_live_…"
Optionally pass {"reason": "…"}.
Parameters
id
curl https://api.shrkity.com/api/v1/connections/{id}/reject \ -X POST \ -H "Authorization: Bearer shk_live_…"
Ends the relationship; optionally pass {"reason": "…"}.
Parameters
id
curl https://api.shrkity.com/api/v1/connections/{id}/revoke \ -X POST \ -H "Authorization: Bearer shk_live_…"
Documents
Customer compliance document records (read-only).
Document records across the companies you serve: CR, licenses, Iqama and other compliance items with status and expiry. Combine company_id with expiring_soon=true (or expires_from/expires_to) for the renewal pipeline.
Parameters
company_id
company_employee_id
document_type_id
status
expiring_soon
Only documents inside their renewal window
expires_from
expires_to
search
curl https://api.shrkity.com/api/v1/documents \ -H "Authorization: Bearer shk_live_…"
Get a document record
Parameters
id
curl https://api.shrkity.com/api/v1/documents/{id} \ -H "Authorization: Bearer shk_live_…"
Ready to build on Shrkity?
API access ships with the Scale and Enterprise plans. Mint your first key from the desktop app and your systems are talking to your back office today.