Salfio
APIReference

Get a client's default dashboard

Returns the three-card default dashboard — Client Health, Wins & Traction, Frictions & Risks — derived from the SAL-209 insight pipeline. The endpoint is strictly read-only: it never triggers a recompute on the request path. If no insight has been generated yet (brand-new client, pipeline hasn't run), all three cards come back with `status: "computing"` and empty content — **not** `404`. Partners poll (or rely on the background pipeline to backfill). Cross-tenant lookup returns `404 not_found` — existence is never leaked across organizations.

GET
/clients/{clientId}/dashboards/default

Authorization

bearerAuth
AuthorizationBearer <token>

Salfio API tokens start with the literal prefix sk_live_ followed by 32 base62 characters (≈190 bits of entropy). Tokens are hashed at rest with argon2id and shown to the user only once at creation.

In: header

Path Parameters

clientId*string
Formatuuid

Response Body

application/json

application/json

application/json

application/json

curl -X GET "https://api.salfio.com/v1/clients/497f6eca-6276-4993-bfeb-53cbbbba6f08/dashboards/default"
{
  "meta": {
    "cursor": "string",
    "hasMore": true
  },
  "data": {
    "id": "dash_default",
    "clientId": "5e505642-9024-474d-9434-e5a44f505cc5",
    "name": "Overview",
    "isDefault": true,
    "cards": [
      {
        "id": "card_health",
        "name": "string",
        "outputType": "markdown",
        "outputSubtype": "checklist",
        "outputStyle": "concise",
        "position": 0,
        "result": {
          "content": null,
          "computedAt": "2019-08-24T14:15:22Z",
          "status": "ready"
        }
      }
    ]
  }
}
{
  "error": {
    "code": "unauthorized",
    "message": "Authentication required"
  }
}
{
  "error": {
    "code": "not_found",
    "message": "client not found"
  }
}
{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded",
    "details": {
      "retry_after_seconds": 30
    }
  }
}

Update the caller's organization

Updates the whitelisted fields on the caller's organization. Only `name`, `defaultTimezone`, and `defaultCurrency` are writable. **`plan` is billing-bound** — an attempt to update it is rejected with `400 invalid_argument` rather than silently ignored, so a partner misreading the spec gets a clear error rather than a false sense of success. **`slug` is stable** for the same reason — changing it breaks dashboard deep links and other external references. Both return 400 when present in the body. Other unknown fields are silently ignored.

List activities for a client

Returns the client's activities (emails, calls, meetings, notes) ordered by most-recent first. Offset-based pagination via an opaque `cursor` string (decoded internally). Supported query params today: `limit`, `cursor`, `type`. The spec's additional filters (`source`, `from`, `to`, `includeArchived`) are validated but currently have no effect — archival filtering needs the `archived_at` column on the conversations table, tracked as a follow-up. List responses omit `content` for cost reasons — fetch the single-resource endpoint to get message bodies.