Advanced
Seedling API
The Seedling API lets you connect AI agents, MCP servers, automation tools (Zapier, Make, n8n), and custom scripts to your organization data. It uses standard JSON over HTTPS with scoped bearer tokens. Pro plan required.
Connect your agent (step by step)
Seedling is tool-agnostic. Any agent that can send HTTPS requests with a bearer token can read and (with the right key) write your org data. Here is the recommended path from zero to a working automation.
Step 1 — Enable API access and create a key
- Open Settings → Advanced → API Keys (Pro plan).
- Turn on Enable API access for this organization.
- Create a key with a label (e.g. Claude ops agent) and choose Read only or Read and write.
- Copy the token immediately — it is shown only once.
Step 2 — Verify the connection
Base URL: https://www.seedlingcrm.com/api · Header: Authorization: Bearer <your-token>
Call the discovery endpoint to confirm org context, scopes, and available endpoints:
curl -s -H "Authorization: Bearer YOUR_TOKEN" \
https://www.seedlingcrm.com/api/v1/me
You should see JSON with your organization, plan capabilities, token abilities, and endpoint families. Log in to use the browser playground.
Step 3 — Let your agent read (and optionally write)
Point your agent at the OpenAPI spec or the endpoint list from GET /api/v1/me. Common starting points:
GET /api/v1/tasks— list and filter tasksGET /api/v1/customers— CRM with search and incremental syncGET /api/v1/calendar— unified calendar feedPOST /api/v1/tasks— create a task (requires read-write key; subject to SafeNode policy)
Step 4 — Understand write protection (SafeNode, included)
When you use a read and write key, Seedling evaluates each gated write through SafeNode before it runs. You stay in Seedling for review — no separate SafeNode signup required.
- Allow — the write completes normally.
- Review — Seedling returns HTTP
202withpending_review; approve or deny in your org’s review queue. - Deny — HTTP
403with a policy reason; nothing is changed.
Agent setup examples
Pick the path that matches your stack. All paths use the same Seedling API key and base URL.
curl or any HTTP client
Works everywhere — scripts, cron jobs, serverless functions, or quick tests.
# Read
curl -s -H "Authorization: Bearer YOUR_TOKEN" \
"https://www.seedlingcrm.com/api/v1/tasks?status=todo"
# Write (gated by SafeNode on Pro)
curl -s -X POST \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"title":"Follow up with Acme","status":"todo"}' \
"https://www.seedlingcrm.com/api/v1/tasks"
Claude Agent SDK (TypeScript / Python)
The Claude Agent SDK runs an agent loop with tools. Give your agent HTTP tools (or a thin wrapper) that call Seedling with your bearer token.
- Store
SEEDLING_API_TOKENandSEEDLING_API_BASE=https://www.seedlingcrm.com/apiin your agent environment — never in client-side code. - On startup, call
GET /api/v1/meso the agent knows org context and allowed scopes. - Register tools such as list_tasks, create_task, search_customers that map to Seedling REST paths.
- For writes, handle
202 pending_reviewby telling the user to approve in Seedling, or poll the review queue if you build that into your workflow.
Tip: download the OpenAPI spec (below) and use it to generate typed clients or MCP tool definitions for your agent.
Cursor, MCP servers, and IDE agents
Point an MCP server or Cursor agent at Seedling’s OpenAPI spec. Many setups expose GET /api/v1/me, task list/create, and customer search as MCP tools.
Use a read-only key for exploration; switch to read-write only when you trust the workflow.
Zapier, Make, n8n
Use the Webhooks / HTTP Request action with your bearer token. Trigger on schedules or external events, read Seedling data, and POST updates when needed. Writes from automations are subject to the same SafeNode gates as agent writes.
Optional — custom SafeNode policies (advanced)
Default policies are managed by Seedling for all Pro orgs. If you operate your own SafeNode workspace and want finer-grained rules,
action types and context fields are documented in docs/seedling-api/safenode-action-catalog.md (repo).
Match policies to your Seedling organization id from GET /api/v1/me.
Learn more at safenode.tech.
Docs & playground
Full reference and a live browser playground are in the app (login required):
- Seedling API docs & browser playground — try GET requests with your key
- Full API reference (OpenAPI) — every path, scope, and error code
- Download OpenAPI spec — for codegen, Postman, or MCP tools
Log in to open the playground and manage API keys.
What you can access
- Tasks & projects — list, create, update, delete (write requires read-write key)
- Customers — CRM data with search, tags, and incremental sync via
updated_since - Calendar — unified feed plus generic events
- Invoices, products, bookings — read-only lists and detail
- Expenses & work logs — when your plan includes those features
- Team members — active roster for assignment context
- Meeting ingests — POST transcripts and extracted tasks (write scope)
Authentication & scopes
Each API key is tied to one organization. Keys use Sanctum bearer tokens with abilities such as
tasks.read, tasks.write, customers.read, calendar.read, and others.
Read-only keys cannot create or update data.
Two route shapes exist for every resource:
- Implicit org —
/api/v1/tasks(organization inferred from the key; recommended) - Explicit org —
/api/v1/organizations/{slug}/tasks(slug must match the key’s org)
Rate limits & errors
- Rate limit: 60 requests per minute per token. Responses include
X-RateLimit-LimitandX-RateLimit-Remaining. - Errors: JSON envelope
{ "success": false, "error": { "code": "...", "message": "..." } } - Throttled: HTTP 429 with
error.codeofrate_limited - Pending review: HTTP 202 with
error.codeofpending_review— action queued for human approval
Keeping docs up to date
The OpenAPI specification is the source of truth for the full API reference. When new endpoints ship, the spec is updated in the repository and served automatically at the OpenAPI download URL. The browser playground endpoint list is generated from registered routes, so new GET endpoints appear there without manual edits.
Also see Account & Plans for Pro features, and Settings & Organization for org configuration.