REST API and webhooks

The BrandJet AI REST API gives programmatic access to the same actions available in the dashboard and the MCP server. Use it when you want to integrate BrandJet into your own backend, custom dashboards, or automation pipelines.

Base URL and authentication

• Base URL: https://api.brandjet.ai/v1

• Auth: Bearer token in the Authorization header.

• Generate a token from Settings → API and MCP → Generate API key.

• One token per workspace; switching workspaces requires a different token.

OpenAPI specification

The full spec is available at https://api.brandjet.ai/v1/openapi.json. Import it into Postman, Insomnia, or your code generator to bootstrap a client in minutes.

What you can do

• Leads: create, search, update, enrich, delete.

• Campaigns: list, get, launch, pause, add or remove leads.

• Accounts: list connected inboxes and social accounts.

• Mentions: query keywords and mentions.

• Workflows: trigger by name with a JSON payload.

• Analytics: pull campaign, account, and workspace-level stats.

Rate limits

• Default: 60 requests per minute per token, 1,000 per hour.

• Higher tiers and Agency get bumped to 300 per minute, 10,000 per hour.

• Responses include X-RateLimit-Remaining and X-RateLimit-Reset headers.

• When throttled, you get HTTP 429 with a Retry-After header.

Pagination

List endpoints use cursor pagination. Pass ?limit=100&cursor=...; the response includes nextCursor if more results exist.

Webhooks

Register webhooks from Settings → Webhooks to receive events when things happen in your workspace.

Available events

• lead.created, lead.updated, lead.enriched, lead.opted_out.

• campaign.launched, campaign.paused, campaign.completed.

• message.sent, message.opened, message.clicked, message.replied, message.bounced.

• account.connected, account.disconnected.

• mention.created.

Payload format

{
  "event": "message.replied",
  "id": "evt_01HZX...",
  "createdAt": "2026-06-05T10:11:12Z",
  "workspaceId": "ws_...",
  "data": {
    "leadId": "lead_...",
    "campaignId": "cmp_...",
    "messageId": "msg_...",
    "channel": "email",
    "snippet": "..."
  }
}

Verifying webhook signatures

Every webhook includes a X-BrandJet-Signature header. Verify it with your webhook signing secret to confirm the request came from BrandJet:

• Compute HMAC-SHA256(signingSecret, body).

• Compare to the header value in constant time.

Retries

If your endpoint returns a non-2xx response, BrandJet retries up to 8 times with exponential backoff (1s, 5s, 30s, 2min, 10min, 1h, 6h, 24h). After that the delivery is marked failed and visible in Settings → Webhooks → Deliveries.

Need an SDK?

We publish official Node.js and Python SDKs. Find them via the OpenAPI spec page; both clients are generated from the same spec, so behaviour is identical across languages.