LogoLogo
  • Get Started
    • Overview
    • Concepts
      • Spaces & space groups
      • Posts
      • Messages
      • TipTap editor
      • File uploads
      • Rich Text Body
    • Websockets (Beta)
  • APIs
    • Admin API
      • Quick start
      • Usage and limits
        • Optimizing usage
        • Best Practices
      • V1
      • V2
    • Headless
      • Quick start
      • Member API
        • Docs
        • Community Member Search
        • Cookies
        • Direct upload
      • Auth SDK
        • Node.js
          • Methods
        • Ruby
        • Go
        • Python
      • Usage and limits
    • Data API
      • Docs
Powered by GitBook
On this page
  • Security
  • Feedback
  1. APIs

Headless

Our Headless offering is designed for communities to integrate Circle features into their own website or app, like discussions, feed, notifications, events, and more.

PreviousBest PracticesNextQuick start

Last updated 3 months ago

Available on our Business plan and above:

  • : A server-side API with endpoints for building your own member-side experiences in your app or website. Unlike the admin API, requests are member-authenticated via the member-specific JWT tokens you'll generate with the . This means every API request is made on behalf of a signed in member on your website or app, allowing you to write your own client-side code for integrating posts, comments, events, notifications, and more into your website or app.

  • : A server-side API to authenticate your website or app’s signed in members with the Member API using a JWT token. Optionally, you can use the for Node.js to get a head-start with your Node application.

Please note: - The access_token persists across sessions, allowing users to possess multiple tokens concurrently. - We do not revoke theaccess_token automatically - Our system automatically revokes the refresh_token after one month for enhanced security - If you need selective token revocation, our API offers endpoints dedicated to both access_token and refresh_token revocation

Security

  1. Keep your application token secure by making server-side calls for the Auth API. Do not expose your admin API token or your application token in your client-side code.

  2. Implement token management for the Member API using JWT access and refresh tokens on the client-side.

Feedback

For the full list of API endpoints, please visit

If you have general questions or want to share your creations with the developer community, please check out our .

If you have API feedback for our engineering team, to reach out to us.

https://api-headless.circle.so/.
Developer community space
please use this form
Member API
See endpoints
Auth API
Auth API
See endpoints
Auth SDK