Get a client
Fetch a single client by its UUID. Returns `404 not_found` both for unknown IDs *and* for clients belonging to a different organization — the public API never leaks the existence of cross-tenant resources.
Authorization
bearerAuth Salfio API tokens start with the literal prefix sk_live_ followed
by 32 base62 characters (≈190 bits of entropy). Tokens are hashed
at rest with argon2id and shown to the user only once at creation.
In: header
Path Parameters
Client UUID.
uuidResponse Body
application/json
application/json
application/json
application/json
curl -X GET "https://api.salfio.com/v1/clients/497f6eca-6276-4993-bfeb-53cbbbba6f08"{
"meta": {
"cursor": "string",
"hasMore": true
},
"data": {
"id": "8b2d1c4e-3f5a-4e2b-9c8f-1e2d3c4b5a6f",
"name": "Acme Corp",
"domain": "acme.com",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z"
}
}{
"error": {
"code": "unauthorized",
"message": "Authentication required"
}
}{
"error": {
"code": "not_found",
"message": "client not found"
}
}{
"error": {
"code": "rate_limited",
"message": "Rate limit exceeded",
"details": {
"retry_after_seconds": 30
}
}
}Create a client
Creates a new client in the authenticated organization. The server auto-wires any matching integration assignment rules based on the supplied `domain` (same behaviour as the dashboard create flow). **`organizationId` must not be included in the body.** The organization is resolved from the bearer token; a body-borne `organizationId` is rejected with `400 invalid_argument` rather than silently overridden.
Delete a client
Soft-deletes the client. Subsequent reads return `404 not_found`. The stored row is retained for audit / recovery but no longer returned by any endpoint. Cross-tenant deletes return `404 not_found`.