API Integration Guide

Connect Rembrandt to external applications, webhooks, and third-party tools using our REST API.

Overview

The Rembrandt REST API provides programmatic access to your data through standard HTTP requests.

Authentication

All API requests require authentication using an API key (format: rk_*).

Getting Your API Key

API keys are created through Service Accounts in your Rembrandt dashboard:

1. Log in to your Rembrandt account

2. Navigate to Settings > Organization > API Tokens

3. Create a Service Account (if you don't have one)

4. Click Create API Key in your service account

5. Enter a name for your API key

6. Important: Copy the API key immediately — it starts with rk_ and is only shown once

7. Store it securely (password manager, environment variables, secrets management)

Using Your API Key

Include your API key in the Authorization header:

Authorization: Bearer rk_your_api_key_here

Security Best Practices:

• Keep your API key secret - never commit it to version control

• Never share your API key publicly or in screenshots

• Use different API keys for different environments (production, staging, development)

• Rotate API keys regularly

• Revoke keys immediately if compromised

Base URL

https://api.rembrandtagents.com

API Version: v1

API Documentation

• Interactive Documentation: https://api.rembrandtagents.com/docs

• OpenAPI Specification: https://api.rembrandtagents.com/docs/json

Response Format

All list endpoints return a consistent response with pagination metadata:

{
  "success": true,
  "data": {
    "accounts": [...],
    "totalCount": 150,
    "pagination": {
      "offset": 0,
      "limit": 20,
      "totalCount": 150,
      "hasMore": true
    }
  },
  "timestamp": "2026-04-21T10:30:00.000Z"
}

Use pagination.hasMore to determine if more pages exist. To fetch the next page, set offset to offset + limit.

Available Endpoints

The REST API exposes four resource families:

• Accounts — companies tracked inside Rembrandt

• Opportunities — open, in-progress and completed buying opportunities

• Solutions — detection patterns (use cases) that drive opportunity generation

• Signal Domains — top-level groupings that contain solutions and frameworks

April 2026 rename: /v1/companies was renamed to /v1/accounts and the /v1/prospects endpoints were removed. See the API Changelog for migration details.

Accounts

GET /v1/accounts

List and filter accounts (companies) in your organization.

Query Parameters:

• Filters: name (contains match), industry, status (ACTIVE, INACTIVE, ARCHIVED — default: ACTIVE)

• Sorting: sortBy (name, createdAt — default: name), sortOrder (asc, desc — default: asc)

• Pagination: limit (1-100, default: 50), offset (default: 0)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/accounts?industry=Technology&limit=20"

Each account in the response includes:

• id (UUID), name, industry (nullable), website (nullable)

• headquartersCountry (lowercase ISO-2, e.g. nl, us)

• status (ACTIVE | INACTIVE | ARCHIVED)

• opportunityCount (number of opportunities for this account)

• createdAt, updatedAt (ISO-8601 timestamps)

GET /v1/accounts/:id

Get full details for a single account.

Path Parameter: id (UUID)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/accounts/123e4567-e89b-12d3-a456-426614174000"

To retrieve the opportunities (and their signal intelligence) for an account, call GET /v1/opportunities?accountId=....

Solutions

GET /v1/solutions

List solutions (detection patterns / use cases).

Query Parameters:

• Filters: name, isActive (true/false), domainId

• Pagination: limit (1-100, default: 20), offset (default: 0)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/solutions?isActive=true"

GET /v1/solutions/:id

Get solution details with opportunity stats.

Path Parameter: id (UUID)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/solutions/123e4567-e89b-12d3-a456-426614174000"

Opportunities

GET /v1/opportunities

List opportunities with filters.

Query Parameters:

• Filters: accountId (UUID), solutionId (UUID), status (OPEN, IN_PROGRESS, COMPLETED), country (ISO 2-letter, case-insensitive), minConvictionScore (0-5)

• Sorting: sortBy (convictionScore, momentToActDate, createdAt, status — default: createdAt), sortOrder (asc, desc — default: desc)

• Pagination: limit (1-100, default: 20), offset (default: 0, max: 9900)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/opportunities?status=OPEN&minConvictionScore=3&limit=20"

# All open opportunities for one account
curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/opportunities?accountId=123e4567-e89b-12d3-a456-426614174000&status=OPEN"

GET /v1/opportunities/:id

Get opportunity details including related signal matches.

Path Parameter: id (UUID)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/opportunities/123e4567-e89b-12d3-a456-426614174000"

Domains

GET /v1/domains

List signal domains.

Query Parameters:

• Filters: includeArchived (true/false, default: false)

• Pagination: limit (1-100, default: 50), offset (default: 0)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/domains?limit=50"

GET /v1/domains/:id

Get domain details including frameworks and statistics.

Path Parameter: id (UUID)

Response includes (beyond list fields): frameworks (array with id, name, description), solutionCount (number of solutions linked to this domain).

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/domains/123e4567-e89b-12d3-a456-426614174000"

Public Endpoints (No Authentication Required)

• GET / - API information and available endpoints

• GET /health - Health check endpoint

• GET /docs - Interactive Swagger/OpenAPI documentation

Use Cases

The REST API can be used for:

• Custom integrations with CRM systems

• Webhook integrations

• Automation scripts and workflows

• Third-party application integrations

• ChatGPT Actions (OpenAPI)

• Microsoft Copilot Studio, Microsoft 365 Copilot, and Azure AI Studio integrations

Integration Guides:

• ChatGPT Actions Integration - Connect ChatGPT via OpenAPI Actions

• Microsoft Integration Guide - Connect to Microsoft Copilot Studio, Microsoft 365 Copilot, and Azure AI Studio

Note: For CRM integrations like HubSpot and Salesforce, see our CRM Integration Guide. For AI assistant integrations via MCP, see our MCP Integration Guide.

Rate Limits

Rate limits are applied per API key:

• Per API Key: 1,000 requests/hour (regular), 2,000 requests/hour (burst)

• Per Organization: 5,000 requests/hour (regular), 10,000 requests/hour (burst)

• Per IP: 100 requests/minute (regular), 1,000 requests/hour (burst)

Rate limit information is included in response headers:

• X-RateLimit-Remaining-Key - Remaining requests for your API key

• X-RateLimit-Reset-Key - Timestamp when the limit resets

• X-RateLimit-Remaining-Org - Remaining requests for your organization

• X-RateLimit-Reset-Org - Timestamp when the org limit resets

If you exceed rate limits, you'll receive a 429 Too Many Requests response.

Error Handling

All endpoints return a consistent error format:

{
  "success": false,
  "error": "Error message",
  "errorCode": "ERROR_CODE",
  "errorId": "uuid-for-tracking",
  "timestamp": "2024-01-15T10:30:00Z",
  "path": "/v1/accounts",
  "method": "GET"
}

Common Error Codes

• 400 Bad Request: Invalid parameters (e.g., invalid country code, limit out of range)

• 401 Unauthorized: Missing or invalid API key

• 403 Forbidden: Insufficient permissions

• 404 Not Found: Account, opportunity, solution, or domain not found

• 429 Too Many Requests: Rate limit exceeded

• 500 Internal Server Error: Server-side issue

Always check the success field in responses and handle errors gracefully.

Security Best Practices

1. Keep API keys secure - Never commit API keys to version control

2. Use environment variables - Store keys in secure configuration

3. Rotate keys regularly - Regenerate keys periodically

4. Monitor usage - Review API usage in Settings > Organization > API Tokens

5. Use HTTPS only - Always connect over HTTPS

6. Never share keys publicly - Don't include keys in screenshots or public documentation

7. Use different keys per environment - Separate keys for production, staging, and development

Support

For API support and questions:

• Review the API documentation

• Check our Troubleshooting Guide

• Contact support at api-support@rembrandtagents.com