Authentication
Leezy uses OAuth 2.0 Authorization Code flow for third-party integrations. PKCE with S256 is required.
Endpoints
| Endpoint | Method | Purpose |
|---|---|---|
/api/oauth/authorize | GET | Start authorization and show consent. |
/api/oauth/token | POST | Exchange an authorization code or refresh token. |
/api/oauth/revoke | POST | Revoke an access or refresh token. |
Authorization Request
https://leezy.ai/api/oauth/authorize?
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://example.com/oauth/callback&
scope=leads:read%20webhooks:manage&
state=random_state&
code_challenge=BASE64URL_SHA256_CODE_VERIFIER&
code_challenge_method=S256
Token Exchange
curl -X POST "https://leezy.ai/api/oauth/token" \
-H "Content-Type: application/json" \
-u "YOUR_CLIENT_ID:YOUR_CLIENT_SECRET" \
-d '{
"grant_type": "authorization_code",
"code": "AUTHORIZATION_CODE",
"redirect_uri": "https://example.com/oauth/callback",
"code_verifier": "ORIGINAL_CODE_VERIFIER"
}'
The response includes a Bearer access token, refresh token, expiry, granted scopes, and api_base_url.
Scopes
| Scope | Allows |
|---|---|
leads:read | Read leads. |
leads:write | Create and update leads. |
conversations:read | Read conversations. |
conversations:write | Send conversation messages. |
tickets:read | Read support tickets. |
tickets:write | Create and update support tickets. |
meetings:read | Read scheduled meetings. |
webhooks:manage | Create and manage webhook subscriptions. |
API Requests
curl "https://leezy.ai/api/v1/leads" \
-H "Authorization: Bearer lzy_at_your_access_token"