API Integrations: Keys for External Systems
API keys are the access code for external systems to communicate with Tesoro, your website, integrations, the Client Portal. Treat them like a password.
When do you use this?
Section titled “When do you use this?”- Create an initial API key for a developer
- Rotate an existing key if you suspect a leak
- Find a key for the Client Portal link
What is an API key?
Section titled “What is an API key?”A long random string that is sent with every API call. Tesoro recognizes which company it belongs to and which permissions apply.
Used by:
- Your own website to retrieve property feeds
- External integrations (CRM bridges, lead forms, website widgets)
- Client Portal (URL parameter
id=<api-sleutel>) - Webhooks (to authenticate outgoing hooks)
- Open API (for scripts and automation)
Generate a new key
Section titled “Generate a new key”- Settings → My Company → API Keys.
- Click Generate New Key.
- Give the key a recognizable name (e.g. “Website widget”).
- Click Generate. The key appears, copy it immediately.
Manage keys
Section titled “Manage keys”| Action | What |
|---|---|
| List | All keys with name + creation date (key itself not visible after creation) |
| Rename | Change name |
| Revoke | Permanently revoke; users of that key lose access immediately |
Security
Section titled “Security”- Treat like a password. Never commit it in public code.
- If you suspect a leak: revoke + generate new one. Immediately.
- One key per integration is recommended, in case of compromise you can revoke the relevant key without downtime.
- Logs: API access is logged. Ask the Tesoro team to check for suspicious activity.
Open API documentation
Section titled “Open API documentation”For developers: Tesoro Open API documentation via your Tesoro contact person. Endpoints for properties, contacts, leads, deals, activities.
Next step
Section titled “Next step” Webhooks Send real-time events to external systems.