Misar Docs
MisarMailMisar.BlogMisarReachMisarPostMisar.DevMisar PlatformMisar IdentityMisar Posts API
Contacts

Authentication

Two auth modes for the Contacts API — SSO bearer for first-party UI, service key for server-to-server.

SSO Bearer (first-party UI)

Pass the Supabase session access token as a Bearer token. The acting user_id is derived from the verified token subject — no ?user_id param needed.

GET https://api.misar.io/io/contacts/contacts
Authorization: Bearer <supabase_access_token>

Service Key (server-to-server)

Used by MisarMail, MisarReach, and any other Misar product calling the Contacts API on behalf of a user. Pass the service key in a custom header plus the target user's UUID as a query param.

GET https://api.misar.io/io/contacts/contacts?user_id=<uuid>
x-audience-service-key: <AUDIENCE_SERVICE_KEY>

Environment variable

The service key is stored in the AUDIENCE_SERVICE_KEY environment variable on the calling product's server. Never expose it in client-side code.

SDK usage

import { createContactsClient } from "@misar/contacts";

const contacts = createContactsClient({
  baseUrl: "https://api.misar.io/io/contacts",
  serviceKey: process.env.AUDIENCE_SERVICE_KEY,
});

Changelog

Previous Page

Bulk Contacts

Next Page