Skip to content

Developer API

The Developers tab is where you issue API keys for programmatic access to Entergram. Available on the Pro plan (and Pro workspace seats). Owners and admins only.

Creating a key

Section titled “Creating a key”
  1. “Create API key”
  2. Name it (something you’ll recognize in a revocation list later)
  3. Pick scopes — fine-grained permissions such as:
    • workspace.read
    • members.read
    • accounts.read
    • contacts.read
    • chats.read / chats.write
    • custom_fields.read / custom_fields.write
  4. Default TTL is 90 days; you can pick a shorter duration
  5. Optional: restrict to a list of IP CIDR ranges
  6. Click Create — the full key is shown once. Copy it immediately; Entergram never displays it again.

Under the hood

Section titled “Under the hood”
  • Keys are stored as one-way hashes — the raw key never lives on disk
  • Each request logs prefix, IP, and user agent for audit
  • Revocation is immediate
  • Expired keys return 403 automatically
  • Every API call is workspace-scoped — a key can only operate on the workspace that issued it

Managing keys

Section titled “Managing keys”

From the Developers tab:

  • See every key’s prefix, creation date, scopes, TTL, and last-used info
  • Copy the prefix (not the secret)
  • Revoke or rotate a key
  • Rotate = create a new key with the same scopes, then revoke the old one once your integration is cut over

Example: rotate a leaked key

Section titled “Example: rotate a leaked key”
  1. You realize an engineer pasted a key into a public issue tracker
  2. Developers tab → find the key → Revoke (takes effect immediately)
  3. Create a new key with the same scopes and IP allowlist
  4. Deploy the new key to your integration
  5. Check last-used info on the old key to confirm no more traffic

Example: cut a key for a CI job

Section titled “Example: cut a key for a CI job”
  1. Developers tab → Create API key
  2. Name it ci-deploy-bot
  3. Scopes: just workspace.read and chats.read (least privilege)
  4. TTL: 30 days
  5. IP allowlist: the CI provider’s egress IPs
  6. Copy the key and set it as a secret in CI
  7. Rotate before the TTL lapses

Make.com integration

Section titled “Make.com integration”

Pro plans include a Make.com integration so you can wire Entergram into low-code automations without writing API code yourself. Available from the workspace integrations area.

API responses

Section titled “API responses”

Common HTTP errors you’ll see:

  • 401 — the key is expired, revoked, or wrong for the workspace
  • 403 — the key lacks the needed scope, or the request is from an IP outside the allowlist
  • 429 — you’ve hit a rate limit; back off and retry