API checking

Workspace API docs

Build on top of Pulsar

Pull and push projects, tasks, and CRM entities with scoped API keys and webhook events.

Quickstart

  1. Create an API key in Settings then API.
  2. Assign only the scopes your integration needs.
  3. Add optional IP allowlist and rotation policy.
  4. Call `/api/v1/*` with `Authorization: Bearer psk_...`.
  5. Subscribe to outbound webhooks for push updates.

```bash
curl -X GET "https://www.pulsarspaces.com/api/v1/projects?workspaceId=WORKSPACE_UUID&limit=100" \
  -H "Authorization: Bearer psk_your_api_key" \
  -H "x-workspace-id: WORKSPACE_UUID"
```

Authentication and policy

Required

Bearer API key and workspace id in query or `x-workspace-id` header.

Least privilege

Keys now require explicit scopes. Empty scope keys are denied.

IP allowlist

Support for exact IP and CIDR ranges with runtime enforcement.

Rotation

Optional key age policy can force key rotation before API access.

MCP server

Pulsar exposes a secure Model Context Protocol server at /api/mcp with JSON-RPC 2.0 over HTTPS.

Phase 1 connect

Use `initialize`, `ping`, `tools/list`, `resources/list`, and `prompts/list`.

Phase 2 read context

Read projects, tasks, and CRM, plus workspace resources and company docs.

Phase 3 write tools

Create and update entities with strict scope checks and API-key policies.

Security controls

  • Scoped API keys are required and empty-scope keys are denied.
  • Workspace scoping is mandatory through workspace key binding or `x-workspace-id`.
  • IP allowlist, rate-limit, and rotation policy checks are enforced before RPC execution.
  • Tool-level scope gates block unauthorized write operations.

```bash
curl -X POST "https://www.pulsarspaces.com/api/mcp" \
  -H "Authorization: Bearer psk_your_api_key" \
  -H "x-workspace-id: WORKSPACE_UUID" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "projects.list",
      "arguments": { "limit": 25 }
    }
  }'
```

API Reference

Generated directly from OpenAPI. Search, filter, inspect requests, and copy curl examples.


Outbound webhooks

Write API operations enqueue webhook deliveries. Each delivery includes retry and security metadata.

Signing

HMAC SHA256 signature in `x-pulsar-signature` plus timestamp header.

Retries

Automatic retry with exponential backoff and dead-letter after max attempts.

```
x-pulsar-event: projects.updated
x-pulsar-delivery-id: 8dbd...
x-pulsar-signature-timestamp: 1710976000
x-pulsar-signature: t=1710976000,v1=sha256_hmac_hex
```
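
A receiver-side check for the signing headers shown above, as an added example that is not Pulsar's own code. The page does not state how the signed message is built, so the `<t>.<raw body>` construction, the 300-second tolerance, the lower-cased header keys and the sample secret and body are all assumptions to confirm against the OpenAPI spec.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumed replay window; the page does not specify one


def parse_signature_header(value):
    """Split 't=<unix>,v1=<hex>' into (timestamp, [v1 signatures])."""
    timestamp, signatures = None, []
    for part in value.split(","):
        key, sep, val = part.strip().partition("=")
        if not sep:
            raise ValueError("malformed signature element")
        if key == "t":
            timestamp = int(val)  # raises ValueError on non-numeric input
        elif key == "v1":
            signatures.append(val.lower())
    if timestamp is None or not signatures:
        raise ValueError("missing t or v1 element")
    return timestamp, signatures


def verify_webhook(secret, headers, raw_body, now=None):
    """Return True only for a fresh, correctly signed delivery (headers keyed lower-case)."""
    try:
        ts, candidates = parse_signature_header(headers["x-pulsar-signature"])
        header_ts = int(headers["x-pulsar-signature-timestamp"])
    except (KeyError, ValueError):
        return False
    if ts != header_ts:  # both timestamp sources must agree
        return False
    now = time.time() if now is None else now
    if abs(now - ts) > TOLERANCE_SECONDS:  # stale or future-dated: reject as replay
        return False
    # ASSUMPTION: the signed message is "<t>." followed by the unparsed body bytes.
    message = str(ts).encode() + b"." + raw_body
    expected = hmac.new(secret, message, hashlib.sha256).hexdigest().encode()
    ok = False
    for candidate in candidates:  # constant-time compare, no early exit
        ok |= hmac.compare_digest(expected, candidate.encode())
    return ok


if __name__ == "__main__":
    secret, body, ts = b"constructed-secret", b'{"id":"constructed"}', 1710976000
    sig = hmac.new(secret, str(ts).encode() + b"." + body, hashlib.sha256).hexdigest()
    hdrs = {"x-pulsar-signature": f"t={ts},v1={sig}", "x-pulsar-signature-timestamp": str(ts)}
    print(verify_webhook(secret, hdrs, body, now=ts + 5))
```

Verify against the raw request bytes before any JSON parsing, and record `x-pulsar-delivery-id` so that retried deliveries are processed once.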

OpenAPI and SDK

Download machine-readable spec and client starter files.

Support and integration review

For production reviews, include required scopes, expected throughput, webhook endpoint details, and recovery expectations.