Intuka API Reference

Build powerful integrations with the Intuka platform. This reference covers authentication, endpoints, request/response formats, and permissions across all modules.

Base URL

All API requests are made to your tenant's dedicated instance:

text
https://your-tenant.intuka.com/api/v1

Replace your-tenant with your organization's subdomain.

Authentication

Intuka uses JWT Bearer tokens for API authentication. All authenticated endpoints require the Authorization header.

1. Obtain a token

http
POST /api/v1/auth/login
Content-Type: application/json

{
  "email": "user@company.com",
  "password": "your-password",
  "tenantSlug": "your-tenant"
}

2. Use the token

http
GET /api/v1/sales/leads
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

3. Refresh when expired

Access tokens expire after a set period. Use the refresh endpoint to obtain a new pair:

http
POST /api/v1/auth/refresh
Content-Type: application/json

{
  "refreshToken": "your-refresh-token"
}

Versioning

The API is versioned via URL path. The current version is v1. All endpoints are prefixed with /api/v1.

Response Format

All responses are JSON. Successful responses follow this structure:

json
{
  "success": true,
  "data": { ... },
  "message": "Operation completed successfully"
}

Error responses include a descriptive message and error code:

json
{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Email is required",
    "details": [ ... ]
  }
}

Pagination

List endpoints support offset-based pagination using page and limit query parameters.

http
GET /api/v1/sales/leads?page=2&limit=25

Paginated responses include metadata:

json
{
  "success": true,
  "data": [ ... ],
  "pagination": {
    "page": 2,
    "limit": 25,
    "total": 142,
    "totalPages": 6
  }
}

| Parameter | Default | Description |
|-----------|---------|-------------|
| page | 1 | Page number (1-indexed) |
| limit | 20 | Items per page (max 100) |
| sortBy | created_at | Sort field |
| sortOrder | desc | Sort direction (asc/desc) |

Error Codes

| Status | Code | Description |
|--------|------|-------------|
| 400 | VALIDATION_ERROR | Invalid request body or parameters |
| 401 | UNAUTHORIZED | Missing or invalid authentication token |
| 403 | FORBIDDEN | Insufficient permissions for this action |
| 404 | NOT_FOUND | Resource does not exist |
| 409 | CONFLICT | Resource already exists or state conflict |
| 422 | UNPROCESSABLE | Valid syntax but invalid business logic |
| 429 | RATE_LIMITED | Too many requests |
| 500 | INTERNAL_ERROR | Server error |

Rate Limits

API rate limits are applied per user and per tenant. Specific limits:

| Endpoint | Limit | Window |
|----------|-------|--------|
| POST /auth/login | 10 requests | 15 minutes |
| POST /auth/password/forgot | 5 requests | 1 hour |
| General API | 200 requests | 1 minute |

When rate-limited, the API returns HTTP 429 with a Retry-After header.
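The refresh step under Authentication and the 429 behaviour above can be handled together in one client wrapper. The sketch below is an added example, not Intuka's own code. It assumes a hypothetical injected `transport` callable, the response field names `accessToken` and `refreshToken` (the page does not document them), and a `Retry-After` value given in whole seconds.

```python
import time
class ApiError(Exception):
    def __init__(self, status, body):
        self.status, self.code = status, (body or {}).get("error", {}).get("code", "UNKNOWN")
        super().__init__(f"{status} {self.code}")

class IntukaClient:
    # transport(method, path, headers, body) -> (status, headers, json): hypothetical, injected
    def __init__(self, transport, access, refresh, sleep=time.sleep, max_wait=60):
        self.transport, self.access, self.refresh = transport, access, refresh
        self.sleep, self.max_wait = sleep, max_wait

    def _refresh_tokens(self):
        status, _, body = self.transport("POST", "/api/v1/auth/refresh",
            {"Content-Type": "application/json"}, {"refreshToken": self.refresh})
        if status != 200 or not body.get("success"):
            raise ApiError(status, body)  # refresh rejected: caller must log in again
        # ASSUMPTION: these response field names are not documented on the page.
        self.access, self.refresh = body["data"]["accessToken"], body["data"]["refreshToken"]

    def request(self, method, path, body=None, attempts=4):
        refreshed = False
        for attempt in range(attempts):
            headers = {"Authorization": f"Bearer {self.access}"}
            status, resp_headers, payload = self.transport(method, path, headers, body)
            if status == 401 and not refreshed:
                self._refresh_tokens()  # refresh once; a second 401 is a hard failure
                refreshed = True
            elif status == 429 and attempt < attempts - 1:
                # ASSUMPTION: Retry-After is whole seconds; cap it so a bad header cannot stall us.
                raw = resp_headers.get("Retry-After", "1")
                self.sleep(min(int(raw) if raw.isdigit() else 1, self.max_wait))
            elif 200 <= status < 300 and payload.get("success"):
                return payload
            else:
                raise ApiError(status, payload)
        raise ApiError(status, payload)

def demo():
    # Constructed responses, in order: expired token, token refresh, rate limit, success.
    script = [(401, {}, {"success": False, "error": {"code": "UNAUTHORIZED"}}),
              (200, {}, {"success": True, "data": {"accessToken": "a2", "refreshToken": "r2"}}),
              (429, {"Retry-After": "7"}, {"success": False, "error": {"code": "RATE_LIMITED"}}),
              (200, {}, {"success": True, "data": [{"id": 1}]})]
    seen, waits = [], []
    def transport(method, path, headers, body):
        seen.append((path, headers.get("Authorization")))
        return script[len(seen) - 1]
    client = IntukaClient(transport, "a1", "r1", sleep=waits.append)
    return client.request("GET", "/api/v1/sales/leads"), seen, waits
```

The access token is never sent to the refresh endpoint, and a 401 that persists after one refresh is raised to the caller instead of retried, which keeps a revoked session from looping against the login and refresh rate limits.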

RBAC & Permissions

Intuka uses Role-Based Access Control. Users are assigned permission profiles that determine which endpoints and actions they can access.

Permission Structure

Permissions follow the pattern module.action. Examples:

text
sales.view      — View sales records
sales.create    — Create leads, accounts, etc.
sales.edit      — Edit sales records
sales.delete    — Delete sales records
finance.approve — Approve financial documents
hr.manage       — Manage HR records

Built-in Roles

Tenant Admin — Full access to all modules and settings

Manager — Module-level management with approval capabilities

User — Standard access based on assigned permission profile

Viewer — Read-only access to assigned modules

Custom permission profiles can be created and assigned via the Profiles API.

API Modules

The Intuka API is organized into modules. Click any module to explore its endpoints.