Advanced

Seedling API

The Seedling API lets you connect AI agents, MCP servers, automation tools (Zapier, Make, n8n), and custom scripts to your organization data. It uses standard JSON over HTTPS with scoped bearer tokens. Pro plan required.

You do not need a SafeNode account. On Pro, Seedling includes built-in policy enforcement powered by SafeNode. Create an API key, connect your agent, and risky writes are gated automatically — with a review queue inside Seedling when human approval is required.

Connect your agent (step by step)

Seedling is tool-agnostic. Any agent that can send HTTPS requests with a bearer token can read and (with the right key) write your org data. Here is the recommended path from zero to a working automation.

Step 1 — Enable API access and create a key

  1. Open Settings → Advanced → API Keys (Pro plan).
  2. Turn on Enable API access for this organization.
  3. Create a key with a label (e.g. Claude ops agent) and choose Read only or Read and write.
  4. Copy the token immediately — it is shown only once.

Step 2 — Verify the connection

Base URL: https://www.seedlingcrm.com/api · Header: Authorization: Bearer <your-token>

Call the discovery endpoint to confirm org context, scopes, and available endpoints:

curl -s -H "Authorization: Bearer YOUR_TOKEN" \
  https://www.seedlingcrm.com/api/v1/me

You should see JSON with your organization, plan capabilities, token abilities, and endpoint families. Log in to use the browser playground.

Step 3 — Let your agent read (and optionally write)

Point your agent at the OpenAPI spec or the endpoint list from GET /api/v1/me. Common starting points:

  • GET /api/v1/tasks — list and filter tasks
  • GET /api/v1/customers — CRM with search and incremental sync
  • GET /api/v1/calendar — unified calendar feed
  • POST /api/v1/tasks — create a task (requires read-write key; subject to SafeNode policy)

Step 4 — Understand write protection (SafeNode, included)

When you use a read and write key, Seedling evaluates each gated write through SafeNode before it runs. You stay in Seedling for review — no separate SafeNode signup required.

  • Allow — the write completes normally.
  • Review — Seedling returns HTTP 202 with pending_review; approve or deny in your org’s review queue.
  • Deny — HTTP 403 with a policy reason; nothing is changed.

Agent setup examples

Pick the path that matches your stack. All paths use the same Seedling API key and base URL.

curl or any HTTP client

Works everywhere — scripts, cron jobs, serverless functions, or quick tests.

# Read
curl -s -H "Authorization: Bearer YOUR_TOKEN" \
  "https://www.seedlingcrm.com/api/v1/tasks?status=todo"

# Write (gated by SafeNode on Pro)
curl -s -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"title":"Follow up with Acme","status":"todo"}' \
  "https://www.seedlingcrm.com/api/v1/tasks"

Claude Agent SDK (TypeScript / Python)

The Claude Agent SDK runs an agent loop with tools. Give your agent HTTP tools (or a thin wrapper) that call Seedling with your bearer token.

  1. Store SEEDLING_API_TOKEN and SEEDLING_API_BASE=https://www.seedlingcrm.com/api in your agent environment — never in client-side code.
  2. On startup, call GET /api/v1/me so the agent knows org context and allowed scopes.
  3. Register tools such as list_tasks, create_task, search_customers that map to Seedling REST paths.
  4. For writes, handle 202 pending_review by telling the user to approve in Seedling, or poll the review queue if you build that into your workflow.

Tip: download the OpenAPI spec (below) and use it to generate typed clients or MCP tool definitions for your agent.

Cursor, MCP servers, and IDE agents

Point an MCP server or Cursor agent at Seedling’s OpenAPI spec. Many setups expose GET /api/v1/me, task list/create, and customer search as MCP tools. Use a read-only key for exploration; switch to read-write only when you trust the workflow.

Zapier, Make, n8n

Use the Webhooks / HTTP Request action with your bearer token. Trigger on schedules or external events, read Seedling data, and POST updates when needed. Writes from automations are subject to the same SafeNode gates as agent writes.

Optional — custom SafeNode policies (advanced)

Default policies are managed by Seedling for all Pro orgs. If you operate your own SafeNode workspace and want finer-grained rules, action types and context fields are documented in docs/seedling-api/safenode-action-catalog.md (repo). Match policies to your Seedling organization id from GET /api/v1/me. Learn more at safenode.tech.

Docs & playground

Full reference and a live browser playground are in the app (login required):

Log in to open the playground and manage API keys.

What you can access

  • Tasks & projects — list, create, update, delete (write requires read-write key)
  • Customers — CRM data with search, tags, and incremental sync via updated_since
  • Calendar — unified feed plus generic events
  • Invoices, products, bookings — read-only lists and detail
  • Expenses & work logs — when your plan includes those features
  • Team members — active roster for assignment context
  • Meeting ingests — POST transcripts and extracted tasks (write scope)

Authentication & scopes

Each API key is tied to one organization. Keys use Sanctum bearer tokens with abilities such as tasks.read, tasks.write, customers.read, calendar.read, and others. Read-only keys cannot create or update data.

Two route shapes exist for every resource:

  • Implicit org/api/v1/tasks (organization inferred from the key; recommended)
  • Explicit org/api/v1/organizations/{slug}/tasks (slug must match the key’s org)

Rate limits & errors

  • Rate limit: 60 requests per minute per token. Responses include X-RateLimit-Limit and X-RateLimit-Remaining.
  • Errors: JSON envelope { "success": false, "error": { "code": "...", "message": "..." } }
  • Throttled: HTTP 429 with error.code of rate_limited
  • Pending review: HTTP 202 with error.code of pending_review — action queued for human approval

Keeping docs up to date

The OpenAPI specification is the source of truth for the full API reference. When new endpoints ship, the spec is updated in the repository and served automatically at the OpenAPI download URL. The browser playground endpoint list is generated from registered routes, so new GET endpoints appear there without manual edits.

Also see Account & Plans for Pro features, and Settings & Organization for org configuration.