Authentication
All API requests require an API key passed in the Authorization header. You can generate API keys from your dashboard under Settings → API Keys.
curl -X GET https://api.upgpt.ai/v1/agents \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json"
API keys are scoped to your workspace and carry the same permissions as the user who created them. Treat your API key like a password -- do not expose it in client-side code.
Base URL
All API endpoints are available at:
https://api.upgpt.ai/v1/
Endpoints Overview
Agents
| Method | Endpoint | Description |
|---|---|---|
GET | /v1/agents | List all agents in your workspace |
GET | /v1/agents/:id | Get agent details |
POST | /v1/agents | Create a new agent |
PATCH | /v1/agents/:id | Update agent configuration |
DELETE | /v1/agents/:id | Delete an agent |
Leads & Contacts
| Method | Endpoint | Description |
|---|---|---|
GET | /v1/leads | List leads with optional filters |
POST | /v1/leads | Create a new lead |
GET | /v1/leads/:id | Get lead details and history |
PATCH | /v1/leads/:id | Update lead information |
Bookings
| Method | Endpoint | Description |
|---|---|---|
GET | /v1/bookings | List all bookings |
POST | /v1/bookings | Create a booking |
DELETE | /v1/bookings/:id | Cancel a booking |
Webhooks
| Method | Endpoint | Description |
|---|---|---|
GET | /v1/webhooks | List registered webhooks |
POST | /v1/webhooks | Register a webhook endpoint |
DELETE | /v1/webhooks/:id | Remove a webhook |
Rate Limits
API requests are rate-limited per workspace to ensure platform stability:
| Plan | Requests / minute | Requests / day |
|---|---|---|
| Starter | 60 | 10,000 |
| Professional | 300 | 100,000 |
| Enterprise | 1,000 | Unlimited |
Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) are included in every response. When a limit is exceeded, the API returns 429 Too Many Requests.
Webhooks
UpGPT can send real-time event notifications to your endpoints via webhooks. Supported events include:
booking.created-- A new booking has been scheduledbooking.cancelled-- A booking has been cancelledlead.qualified-- A lead has been qualified by an AI agentlead.routed-- A lead has been routed to a representativeagent.escalation-- An agent has escalated a conversationpayment.received-- A payment has been processed
Webhook payloads are signed with HMAC-SHA256 using your webhook secret. Always verify signatures before processing events in production.
SDKs
Official SDKs are available for popular languages. Each SDK wraps the REST API and handles authentication, retries, and error handling automatically.
| Language | Package | Status |
|---|---|---|
| JavaScript / TypeScript | @upgpt/sdk | Available |
| Python | upgpt-python | Available |
| Go | upgpt-go | Coming soon |
| Ruby | upgpt-ruby | Coming soon |
Error Handling
The API returns standard HTTP status codes and a consistent JSON error body:
{
"error": {
"code": "invalid_api_key",
"message": "The API key provided is invalid or has been revoked.",
"status": 401
}
}| Status | Meaning |
|---|---|
200 | Success |
201 | Created |
400 | Bad request -- check your parameters |
401 | Unauthorized -- invalid or missing API key |
403 | Forbidden -- insufficient permissions |
404 | Not found |
429 | Rate limited |
500 | Internal server error |
Need help integrating? Our team is here to assist.
Contact Support