New integrations should use API v2. It supports both API key auth (for system integrations) and OAuth 2.0 (required when actions must be attributed to a specific user or are run by an AI agent). API v1 remains available for existing integrations.

API v2

Auth: API key or OAuth 2.0
Acts as: the account (API key) or the authenticated user (OAuth)

OAuth 2.0 is required for any action that must be attributed to a specific user, including actions performed by AI agents on a user's behalf.

• Human-readable API v2 docs (Swagger UI)
• OpenAPI spec (openapi.json)

API v1 (legacy)

Auth: API key
Acts as: the account

API v1 uses api keys and actions are taken as the account in the system. New integrations should prefer API v2.

• Human-readable API v1 docs (Swagger UI)
• OpenAPI spec (schema.json)

Machine-readable API policy: /.well-known/manifestly-api.json