Quickstart
Overview
This guide shows how a Syllecta customer gets value within minutes: retrieve an API key, lock an idempotent record, save it, configure a webhook provider, and verify results in the dashboard.
Prerequisites
- A Syllecta workspace with dashboard access
- At least one tenant API key
- A callback URL that can receive forwarded webhooks
Before sending real customer traffic, review the Security and data protection guide. Syllecta works from operational metadata first, and webhook payloads should not include card data, passwords, access tokens, long-lived secrets, or unnecessary personal data.
1. Get Your API Key
- Sign in to the Syllecta dashboard.
- Open your tenant page (or ask an admin) and copy an existing API key. If your role allows it, create a new key there.
- Copy the value and store it securely; you’ll use it as
Authorization: Bearer <API_KEY>for REST and webhook calls.
2. Lock then Save a Record via /v1/record
First acquire a lock with POST /v1/record, then save the result with PUT /v1/record.
curl -X POST https://api.syllecta.com/v1/record \ -H "Authorization: Bearer <API_KEY>" \ -H "Content-Type: application/json" \ -d '{ "scope": "orders", "key": "order-0001" }'
If you receive:
{ "cached": true }
reuse the stored record. If you receive:
{ "locked": true }
run your handler and then persist the result:
curl -X PUT https://api.syllecta.com/v1/record \ -H "Authorization: Bearer <API_KEY>" \ -H "Content-Type: application/json" \ -d '{ "scope": "orders", "key": "order-0001", "body": { "status": "paid" } }'
3. Configure Webhook Providers
- In the dashboard, open Webhooks and pick an enabled provider: Stripe, Shopify, GitHub, or Generic HMAC. PayPal requires controlled-rollout approval; Braintree is not production-enabled yet.
- Enter your callback URL and secret. Syllecta uses these to verify and forward events.
- Copy the inbound URL shown (either
/v1/webhooks/:provideror your slugged endpoint).
4. Send a Test Webhook
Use the provider’s tooling or a curl command to hit Syllecta:
curl -X POST https://api.syllecta.com/v1/webhooks/generic \ -H "Authorization: Bearer <API_KEY>" \ -H "X-Syllecta-Signature: t=1699999999,v1=<HMAC>" \ -H "Content-Type: application/json" \ -d '{ "id": "evt_demo_1", "type": "invoice.updated", "data": { "invoiceId": "inv_42" } }'
Syllecta validates the signature, stores the metadata, and forwards the normalized payload to your callback. Duplicates return:
{ "ok": true, "cached": true }
5. Monitor in the Dashboard
- Open your dashboard or tenant page to review current usage counters.
- Visit Webhooks → Events to confirm your test webhook shows
processedand to view the redacted headers/payload detail. - If you are an admin, review Audit Logs for retries or settings changes related to the test flow.
6. Common HTTP Responses
| Status | Meaning | Action |
|---|---|---|
| 200 | Request accepted | Continue |
| 200 + cached | Duplicate idempotent call | Safe to reuse cached record |
| 202 | Webhook queued in degraded mode | Wait for delivery to resume, then check worker health if it persists |
| 400 | Malformed request or invalid signature | Fix request |
| 403 | API key invalid or missing | Check credential |
| 429 | Usage limit reached | Inspect tenant usage counters / contact Syllecta |
7. Next Steps
You’re now ready to connect a controlled workload. Syllecta handles dedupe, validation, and delivery tracking so your team can focus on business logic.