search

Private Integrations

Private integrations are the fastest way to connect Spiffy to your own systems. If you're building something for internal use — an internal dashboard, a custom CRM sync, an automated workflow, a backend script — this is the right path.

circle-info

Private integrations use your Spiffy API key directly. There's no OAuth setup, no application registration, and no developer platform access required. Authenticate once and start building.

hashtag
Who this is for

  • Developers building internal tools for their own Spiffy account

  • Teams connecting Spiffy to internal systems (CRMs, ERPs, data pipelines, etc.)

  • Automations that run in your own infrastructure

  • Anyone prototyping or exploring the API before deciding what to build

If you're building something that other people or businesses will install and use — a plugin, an app, a third-party service — see Third-Party Integrations instead.

hashtag
Getting your API key

Your API key is available in your Spiffy account dashboard under Settings → API.

Each API key is scoped to your account and tier. Keep it secret — treat it like a password. Do not commit it to version control or expose it in client-side code.

hashtag
Authentication

Pass your API key as a Bearer token in the Authorization header on every request:

That's it. No token exchange, no redirect flow, no expiry handling required.

hashtag
Usage limits

Private integrations use your account's standard API usage limits, which are tied to your Spiffy plan tier. These limits are shared across your account — your private integration draws from the same pool as any other activity on your account.

If you're building something with high request volume, or something you expect to scale significantly, a private integration may not be the right fit long-term. See Third-Party Integrations for access to higher limits and dedicated developer tooling.

hashtag
What you can build

Private integrations have access to the full Spiffy API surface — the same endpoints, the same data, the same capabilities as any other integration type. The difference is operational, not functional.

Head to the API Reference for full endpoint documentation.

hashtag
Limitations

  • Account-scoped only. Your API key only has access to your own Spiffy account. It cannot be used to access other merchants' data.

  • Usage limits. API calls count against your account's API limits.

  • Not for distribution. 3rd party integrations cannot use API key authentication and must use the Spiffy Developer Platform which has better tooling for integration distribution.

hashtag
Ready to build?

  1. Grab your API key from Settings → API in your Spiffy dashboard

  2. Make your first requests following the REST API

PreviousGetting StartedNext3rd Party Integrations

Last updated