# Build with APIs
{% hint style="success" %}
**Audience:** Administrators and Developers
**Purpose:** Provides an overview of space.vars.Kizen\_company\_name's APIs, including how it works, key concepts, and available authentication methods, to help administrators and developers understand what they need before building integrations.
{% endhint %}
## Overview
space.vars.Kizen\_company\_name's APIs give you programmatic access to the data, space.vars.objects, and space.vars.automation engine that powers the space.vars.Kizen\_company\_name platform. Using our APIs, allows you to connect to external systems, sync data, trigger space.vars.workflows, and build custom integrations without touching the space.vars.Kizen\_company\_name UI.
### What You Can Do with Kizen's APIs
space.vars.Kizen\_company\_name's APIs support a wide range of operations across the platform, including:
* Reading and writing space.vars.entities for any space.vars.object or space.vars.contact
* Retrieving space.vars.object schemas, field definitions, and pipeline configuration
* Triggering space.vars.automations programmatically
* Scheduling and managing space.vars.activities
* Checking user permissions at runtime
* Extending the platform through webhooks and plugins
### How the APIs Work
space.vars.Kizen\_company\_name's APIs are REST APIs. All requests are made over HTTPS to a base URL. The URL you use depends on your space.vars.Kizen\_company\_name [environment](https://developer.kizen.com/docs/developers/environments). The following is an example:
```
https://app.go.kizen.com/api/
```
Requests and responses use JSON. Every API call must include three credentials passed as HTTP request headers — an **API Key**, a **Business ID**, and a **User ID**. Together, these three values tell the API who is making the request, which business account to scope it to, and whether that user has permission to access the requested data.
| Header | Purpose |
| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| `X-API-KEY` | Authenticates the request — acts as the password for the User ID |
| `X-BUSINESS-ID` | Scopes the request to the correct space.vars.Kizen\_company\_name business account |
| `X-USER-ID` | Identifies the user, determining which space.vars.entities and features are accessible based on their permissions |
All three headers are required on every request. Generating these credentials is covered in [Generate API Credentials](https://developer.kizen.com/docs/developers/building-with-apis/generating-api-credentials).
***
## API Fundamentals
Before diving into API calls, a few core concepts are worth understanding.
Here's a table summarizing the API Fundamentals concepts:
| Concept | Definition | Key Detail |
| -------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| [Objects](https://developer.kizen.com/docs/concepts/objects) | Tables in your data model | Configured by you or your team; Contact Object is a special type for storing individual's information |
| [Records](https://developer.kizen.com/docs/concepts/objects/records) | Rows within an Object | Represents a single entry of data within an Object |
| [Object Identifiers](https://developer.kizen.com/docs/concepts/objects/object-data-model#how-objects-are-identified) | Unique ID (UUID) or API Name that identifies every Object | API Names are preferred — easier to read, resilient to data model changes, and usable across businesses with different credentials |
| [Permissions](https://developer.kizen.com/docs/concepts/objects/object-configuration/object-permissions) | Access rules that control what data a request can read or modify | Based on the User ID in request headers; a dedicated API user with a purpose-built permission group is strongly recommended |
space.vars.Kizen\_company\_name supports two authentication methods:
* Token-based authentication is quick to set up, passing a static API Key, Business ID, and User ID as headers on every request.
* OAuth 2.0 is the more secure option for production integrations, using an Authorization Code flow with PKCE (Proof Key for Code Exchange) and automatic token expiration.
For more information see, [Authentication](https://developer.kizen.com/docs/developers/authentication).
***
## Topics In This Section
* [Generate API Credentials](https://developer.kizen.com/docs/developers/building-with-apis/generating-api-credentials): Create your API Key, Business ID, and User ID in the space.vars.Kizen\_company\_name UI
* [Create Your First API Call](https://developer.kizen.com/docs/developers/building-with-apis/creating-your-first-api-call): Use those credentials to make a live, authenticated API request
***
## What's Next
Start with [Generate API Credentials](https://developer.kizen.com/docs/developers/building-with-apis/generating-api-credentials) — once your credentials are ready, you have everything you need to make your first API call.
Related Topics
* [Environments](https://developer.kizen.com/docs/developers/environments)
* [Authentication](https://developer.kizen.com/docs/developers/authentication)
* [Generating API Credentials](https://developer.kizen.com/docs/developers/building-with-apis/generating-api-credentials)
* [Create Your First API Call](https://developer.kizen.com/docs/developers/building-with-apis/creating-your-first-api-call)