Weezly Outreach
|Developer Docs

Authentication

Welcome to the Weezly Outreach API. Let's get started with a quick setup on how to authenticate your requests.

Finding your API key

The first step when using the Weezly Outreach API is authenticating your requests with an API key.

The API key is used to authenticate the incoming requests and map them to your account.

API keys never expire, however they can be deleted and deactivated.

Go to Settings → API in the app to create and manage your API keys. Keys are prefixed with sk_live_.

How to authenticate

After you have your API key, you will need to provide it in every request that you make to the Weezly Outreach API. You will need to add the X-API-KEY request header to every request and set your API key as the value.

Header formatHTTP
X-API-KEY: sk_live_YOUR_API_KEY

Test your API key

Once you have your API key, you can check if it's working by sending the following request. If everything is working properly, you should get a 200 HTTP status code.

Request — cURLcURL
curl --location --request GET 'http://outreach.weezly.com/api/auth/me' \
  --header 'X-API-KEY: sk_live_YOUR_API_KEY'
Response — 200 OKJSON
{
  "id": "1234",
  "name": "John Smith",
  "email": "john@example.com",
  "plan": "growth"
}

Example requests

Get all lead lists

Request — cURLcURL
curl --location --request GET 'http://outreach.weezly.com/api/leads/lists' \
  --header 'X-API-KEY: sk_live_YOUR_API_KEY'

Create a campaign

Request — cURLcURL
curl --location --request POST 'http://outreach.weezly.com/api/campaigns' \
  --header 'X-API-KEY: sk_live_YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "Q2 Outreach",
  "leadListId": "cm3list789abc"
}'

Rate Limits

The API allows a maximum of 300 requests per minute. All requests are attributed to the same limit regardless of endpoint.

Going above the limit will return a 429 HTTP status code and an error.

Authentication Errors

CodeCause
401Missing X-API-KEY header
401Invalid API key (typo, wrong key)
401Deleted or deactivated API key
429Rate limit exceeded (300 requests/minute)

API Key Management

You can also manage API keys programmatically via the API.

List API Keys

GET/api/api-keys

List all API keys for the authenticated user.

Request — cURLcURL
curl --location --request GET 'http://outreach.weezly.com/api/api-keys' \
  --header 'X-API-KEY: sk_live_YOUR_API_KEY'
Response — 200 OKJSON
{
  "keys": [
    {
      "id": "cm3key_001",
      "name": "Production Integration",
      "prefix": "sk_live_a1",
      "key": "sk_live_a1b2c3d4e5f6...",
      "lastUsedAt": "2026-06-07T08:00:00.000Z",
      "createdAt": "2026-05-20T10:00:00.000Z"
    },
    {
      "id": "cm3key_002",
      "name": "Zapier Webhook",
      "prefix": "sk_live_f7",
      "key": "sk_live_f7e8d9c0b1a2...",
      "lastUsedAt": null,
      "createdAt": "2026-06-01T14:00:00.000Z"
    }
  ]
}

Create API Key

POST/api/api-keys

Create a new API key. Maximum 10 keys per user.

Request Body

ParameterTypeDescription
namerequiredstringA descriptive name for the key (e.g. "Production", "Zapier")
Request — cURLcURL
curl --location --request POST 'http://outreach.weezly.com/api/api-keys' \
  --header 'X-API-KEY: sk_live_YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "Production Integration"
}'
Response — 201 CreatedJSON
{
  "key": {
    "id": "cm3key_new003",
    "name": "Production Integration",
    "key": "sk_live_9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c",
    "prefix": "sk_live_9f",
    "createdAt": "2026-06-07T10:00:00.000Z"
  }
}

Response Codes

201API key created
400Name is required / Maximum 10 keys reached
401Unauthorized

Delete API Key

DELETE/api/api-keys/:id

Permanently delete an API key. Any integrations using this key will immediately stop working.

Request — cURLcURL
curl --location --request DELETE 'http://outreach.weezly.com/api/api-keys/cm3key_001' \
  --header 'X-API-KEY: sk_live_YOUR_API_KEY'
Response — 200 OKJSON
{ "ok": true }

Response Codes

200API key deleted
404API key not found
401Unauthorized

Security: Treat API keys like passwords. Never expose them in client-side code, public repositories, or logs. Store them in environment variables. If a key is compromised, delete it immediately in Settings → API and create a new one.