App: Minotaur Sales API
Published by: Minotaur Sales
Supported on: app.minotaursales.io
Every API key carries a set of permissions that define exactly what it can do. Each permission is a combination of a subject (the resource being accessed) and an action (the operation being performed). If a request reaches an endpoint that requires a permission the key does not have, the API returns 403 Forbidden.
Permissions follow a subject:action model:
| Action | Meaning |
|---|
read | List, search, or retrieve records |
create | Create new records or trigger create-type operations |
update | Modify existing records |
delete | Remove records permanently |
Permission Referenceβ
Accountβ
| Permission | What it allows |
|---|
customer:read | Retrieve account summary: business info, user count, and active subscription details |
| Permission | What it allows |
|---|
contacts:read | List contacts, get a single contact, retrieve pagination metadata |
contacts:create | Create a new contact (with optional company, list, and assignee) |
contacts:update | Update contact fields, reassign, or add to lists |
contacts:delete | Permanently delete a contact |
Companiesβ
| Permission | What it allows |
|---|
companies:read | List companies, get a single company, retrieve pagination metadata |
companies:create | Create a new company |
companies:update | Update company fields |
companies:delete | Permanently delete a company |
| Permission | What it allows |
|---|
list_contacts:read | List all contact lists, duplicate a list, trigger contact verification |
list_contacts:create | Create a new contact list |
list_contacts:update | Rename or update a contact list |
list_contacts:delete | Delete a contact list |
list_contact_details:update | Add existing contacts to a list |
Productsβ
| Permission | What it allows |
|---|
products:read | List products or retrieve a single product |
products:create | Create a new product |
products:update | Update product fields |
products:delete | Delete a product |
Opportunitiesβ
| Permission | What it allows |
|---|
opportunities:read | List opportunities or retrieve a single opportunity |
opportunities:create | Create an opportunity with contacts, stage, products, and assignee |
opportunities:update | Update opportunity fields or modify associated products |
opportunities:delete | Delete an opportunity |
Pipelines & Stagesβ
| Permission | What it allows |
|---|
pipelines:read | List all pipelines or retrieve a pipeline with its stages |
stages:read | List the stages of a given pipeline |
| Permission | What it allows |
|---|
prospect:read | Search the prospect catalog, retrieve filter suggestions and pagination metadata |
payment_prospect:create | Unlock contacts from the catalog (consumes subscription credits) |
Email Verificationβ
| Permission | What it allows |
|---|
verify_email:create | Start email verification for a list of contacts (consumes verification credits) |
Assigning Permissionsβ
Permissions are selected when generating an API key in Settings β API Keys β Generate. Grant only the permissions your integration actually needs β following the principle of least privilege reduces the risk if a key is ever compromised.
Permissions Are Immutableβ
Once a key is issued, its permission set cannot be changed. To grant additional permissions or revoke existing ones, rotate the key (which issues a new key and immediately invalidates the old one) or create a new key with the desired scope.
Rotating a key is instant. Any system using the old key will start receiving 401 errors immediately after rotation.