07 · API Limits & Platform

The REST API (auth header API-Key) writes actions IN — leads, orders/sales, calls, subscriptions — and reads them back via the GET endpoints; GET /user-info validates a key. It does not "pull data out" in an event sense — that's outbound webhooks. The Request Explorer ships every endpoint verified against the official reference.

Expect ~15–30 minutes of processing latency before data shows up — that's normal, not a bug. The API enforces two ceilings (per the live RateLimit header): 1000 requests per minute AND 30 requests per second. On a 429, slow down and add delays. For large historical loads, prefer CSV import over hammering the API.

If cookies are dropped or declined, attribution still works: Hyros falls back to the IP address (one of its four identifiers — email, phone, IP, session id) to stitch the person. So losing the cookie degrades but does not necessarily break attribution.

Hyros supports importing data via CSV — use it for historical backfills and bulk corrections instead of high-volume API calls. Clean the identity column (email/phone) and validate a small sample before uploading the full file.