API Access and Webhooks

How to generate API keys, authenticate API requests, set up webhooks, and build custom integrations with the JobsiteOn API.

Written by Ethan RiveraUpdated over a month ago3 min readAdvanced

What this guide covers

This guide explains how to access the JobsiteOn API for building custom integrations. You will learn how to generate API keys, authenticate requests, set up webhooks, and understand rate limits.

Before you begin

You need Owner permissions to generate API keys.
Familiarity with REST APIs and HTTP requests is required.
API access is available on Business and Enterprise plans.

Step 1: Generate an API key

Go to /settings > Workspace > Integrations.
Click API Keys.
Click Generate New Key.
Enter a Label for the key (e.g., "CRM Integration").
Select the Permissions (read, write, or both) for each entity.
Click Generate.
Copy the key immediately -- it is shown only once.

Screenshot: The API key generation dialog showing a label field, permission checkboxes for contacts, jobs, invoices, and a Generate button.

Step 2: Authenticate API requests

Include your API key in the Authorization header:

Authorization: Bearer your_api_key_here

All API requests must use HTTPS. HTTP requests are rejected.

Step 3: Explore the API

The API base URL is:

https://api.jobsiteon.com/v1

Available endpoints include:

Endpoint	Methods	Description
`/contacts`	GET, POST, PATCH	Manage contacts
`/jobs`	GET, POST, PATCH	Manage jobs
`/invoices`	GET, POST, PATCH	Manage invoices
`/payments`	GET, POST	View and record payments
`/pricebook`	GET, POST, PATCH	Manage pricebook items
`/properties`	GET, POST, PATCH	Manage properties

Animation: A terminal showing a curl command hitting the /contacts endpoint and receiving a JSON response with contact data.

Step 4: Set up webhooks

Webhooks push real-time event notifications to your server.

Go to /settings > Workspace > Integrations > Webhooks.
Click Add Webhook.
Enter the URL where events should be sent.
Select the Events you want to subscribe to.
Click Save.

Available webhook events

contact.created, contact.updated
job.created, job.updated, job.completed
invoice.created, invoice.sent, invoice.paid
payment.received
request.created

Step 5: Verify webhook signatures

Each webhook request includes an X-Signature header. Verify this signature using your API key to confirm the request came from JobsiteOn.

Rate limits

100 requests per minute per API key.
Rate limit headers are included in every response: X-RateLimit-Remaining and X-RateLimit-Reset.
Exceeding the limit returns a 429 Too Many Requests response.

Tip: Use webhooks instead of polling for real-time data. Webhooks push data to you immediately, reducing API calls and latency.

Note: Keep your API keys secure. Never expose them in client-side code, public repositories, or logs. Rotate keys regularly and revoke any that may have been compromised.

Did this answer your question?