Authentication

All Sales Lab API requests authenticate via a Bearer token in the Authorization header.

Authorization: Bearer slt_<your-token>

Scopes. Tokens are issued with explicit, read-only scopes: sessions:read, scorecards:read, scenarios:read, users:read, analytics:read. Requests that exceed a token's scopes return 403 FORBIDDEN.

Rate limits. 60 requests per minute per token. Bursts that exceed the window return 429 RATE_LIMITED.

Revocation. Tokens can be revoked instantly from Settings. Revoked tokens fail with 401 UNAUTHORIZED on the next request.

Error envelope. Every non-2xx response returns:

{ "ok": false, "error": { "code": "FORBIDDEN", "message": "Missing scope: sessions:read" } }
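
Client-side handling of the rules above, as an added example that is not Sales Lab code: it builds the header, keeps one token under 60 requests per minute, and maps the error envelope to an action. The function and action names are hypothetical, and the "Missing scope: " message prefix is assumed from the sample envelope.

```python
import json
import time
from collections import deque

RATE_LIMIT = 60        # requests per minute per token, from the page
WINDOW_SECONDS = 60.0

def auth_header(token):
    """Build the Authorization header; reject values that are not slt_ tokens."""
    if not token.startswith("slt_") or any(c.isspace() for c in token):
        raise ValueError("expected a token of the form slt_<...>")
    return {"Authorization": f"Bearer {token}"}

class MinuteWindow:
    """Client-side sliding window that keeps one token under RATE_LIMIT."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.sent = deque()  # send times of requests still inside the window

    def wait_time(self):
        """Return 0.0 and record a send, or the seconds to wait before sending."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= WINDOW_SECONDS:
            self.sent.popleft()
        if len(self.sent) < RATE_LIMIT:
            self.sent.append(now)
            return 0.0
        return WINDOW_SECONDS - (now - self.sent[0])

def classify(status, body):
    """Map a response to (action, detail); action names are hypothetical."""
    if 200 <= status < 300:
        return ("ok", None)
    try:
        err = json.loads(body)["error"]
        code, message = err["code"], err["message"]
    except (ValueError, KeyError, TypeError):
        return ("fail", "malformed error envelope")
    if status == 401 and code == "UNAUTHORIZED":
        return ("stop_and_rotate", message)  # e.g. revoked token: retrying cannot help
    if status == 403 and code == "FORBIDDEN":
        # Assumed message format, taken from the sample envelope on the page.
        return ("missing_scope", message.removeprefix("Missing scope: "))
    if status == 429 and code == "RATE_LIMITED":
        return ("back_off", message)
    return ("fail", f"{code}: {message}")
```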