The Clyro API — scoped tokens, OAuth 2.1, and an agent-ready spec
Clyro now has a public REST API at /v1. Read and edit your account's data — funnels, pages, publish and unpublish, forms and submissions, visitors, tracking links, automations, experiments, custom domains, analytics, and media — over plain HTTPS and JSON. Authentication is least-privilege: mint scoped, revocable bearer tokens from Settings, or connect a third-party app with OAuth 2.1 (authorization-code with PKCE). It's the data behind your dashboard, reachable from your own scripts and agents.
- Scoped, revocable tokens — grant an integration only the access it needs, and cut it off in one click.
- OAuth 2.1 with PKCE for third-party apps, with a consent screen you control.
- Writes are idempotent and audit-logged; responses use cursor pagination and sparse fieldsets.
- A hand-written OpenAPI 3.1 spec at /v1/openapi.json, plus an llms.txt so AI agents can read the API directly — both kept honest by a no-drift check in CI.