API Integration Guide

Connect Rembrandt to external applications, webhooks, and third-party tools using our REST API.

Overview

The Rembrandt REST API provides programmatic access to your data through standard HTTP requests.

Authentication

All API requests require authentication using an API key (format: rk_*).

Getting Your API Key

API keys are created through Service Accounts in your Rembrandt dashboard:

1. Log in to your Rembrandt account

2. Navigate to Settings → Service Accounts

3. Create a Service Account (if you don't have one)

4. Click Create API Key in your service account

5. Enter a name for your API key

6. ⚠️ IMPORTANT: Copy the API key immediately - it starts with rk_ and is only shown once!

7. Store it securely (password manager, environment variables, secrets management)

Using Your API Key

Include your API key in the Authorization header:

Authorization: Bearer rk_your_api_key_here

Security Best Practices:

• Keep your API key secret - never commit it to version control

• Never share your API key publicly or in screenshots

• Use different API keys for different environments (production, staging, development)

• Rotate API keys regularly

• Revoke keys immediately if compromised

Base URL

https://api.rembrandtagents.com

API Version: v1

API Documentation

• Interactive Documentation: https://api.rembrandtagents.com/docs

• OpenAPI Specification: https://api.rembrandtagents.com/docs/json

Response Format

All list endpoints return a consistent response with pagination metadata:

{
  "success": true,
  "data": {
    "prospects": [...],
    "totalCount": 150,
    "pagination": {
      "offset": 0,
      "limit": 20,
      "totalCount": 150,
      "hasMore": true
    }
  },
  "timestamp": "2026-02-19T10:30:00.000Z"
}

Use pagination.hasMore to determine if more pages exist. To fetch the next page, set offset to offset + limit.

Available Endpoints

Prospects

GET /v1/prospects

List, filter, and search prospects. All signal filters (signalContent, evidenceKeywords, signalCategories, signalSourceTypes) are available as optional parameters on this endpoint.

Query Parameters:

• Filters: companyName, domainName, country (ISO 2-letter)

• Signal filters: signalContent, evidenceKeywords, signalCategories, signalSourceTypes

• Sorting: sortBy (lastActivity, companyName, signalCount, maxConvictionScore, avgConvictionScore, openOpportunitiesCount), sortOrder (asc, desc)

• Pagination: limit (1-100, default: 20), offset (default: 0, max: 9900)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/prospects?country=NL&sortBy=lastActivity&limit=10"

# With signal content search
curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/prospects?signalContent=hiring&country=NL&limit=10"

# Sort by highest conviction score
curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/prospects?sortBy=maxConvictionScore&sortOrder=desc&limit=10"

Additional fields in list response (beyond id, companyId, etc.):

• maxConvictionScore (number | null) — highest conviction score across all open opportunities (0-5)

• avgConvictionScore (number | null) — average conviction score across all open opportunities (0-5)

• shortSummary (string | null) — short summary of the prospect

• executiveSummary (string | null) — extended executive summary

GET /v1/prospects/:id

Get detailed prospect information including signal intelligence.

Path Parameter: id (UUID — also accepts prospect-{uuid} format)

Query Parameters: includeAllSignals (boolean, default: false), signalLimit (1-1000, default: 100 — ignored if includeAllSignals=true), timeframe (7d, 30d, 90d, all)

Additional fields in response (beyond list fields):

Prospect-level:

• maxConvictionScore (number | null) — highest conviction score across all open opportunities (0-5)

• avgConvictionScore (number | null) — average conviction score across all open opportunities (0-5)

• shortSummary (string | null) — short summary of the prospect

• executiveSummary (string | null) — extended executive summary

• signalIntelligence (array) — full signal intelligence data

Each signalIntelligence item includes:

• signalId, content, sourceType, createdAt, confidence, sourceLinks, evidenceItems

• signalTier (string | null) — tier classification of the signal

• signalStage (string | null) — buying journey stage (AWARENESS, CONSIDERATION, OPTIMIZATION, UNAWARE)

• signalCategoryIds (string[]) — category IDs associated with this signal

• summary (string | null) — AI-written description of the signal match

• relevance (string | null) — explanation of why this signal is relevant

• sourceDate (string | null) — publication or posting date of the original source (distinct from createdAt)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/prospects/123e4567-e89b-12d3-a456-426614174000?includeAllSignals=true"

Companies

GET /v1/companies

List companies with filters.

Query Parameters:

• Filters: name, industry, status (ACTIVE, INACTIVE, ARCHIVED — default: ACTIVE)

• Sorting: sortBy (name, createdAt), sortOrder (asc, desc)

• Pagination: limit (1-100, default: 50), offset (default: 0)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/companies?industry=Technology&limit=20"

GET /v1/companies/:id

Get company details including its prospects.

Path Parameter: id (UUID)

Query Parameters: domainName, country (to filter prospects)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/companies/123e4567-e89b-12d3-a456-426614174000"

Solutions

GET /v1/solutions

List solutions (detection patterns / use cases).

Query Parameters:

• Filters: name, isActive (true/false), domainId

• Pagination: limit (1-100, default: 20), offset (default: 0)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/solutions?isActive=true"

GET /v1/solutions/:id

Get solution details with opportunity stats.

Path Parameter: id (UUID)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/solutions/123e4567-e89b-12d3-a456-426614174000"

Opportunities

GET /v1/opportunities

List opportunities with filters.

Query Parameters:

• Filters: prospectId, companyId, solutionId, domainId, status (OPEN, IN_PROGRESS, COMPLETED), country, minConvictionScore (0-5)

• Sorting: sortBy (convictionScore, momentToActDate, createdAt, status), sortOrder (asc, desc)

• Pagination: limit (1-100, default: 20), offset (default: 0, max: 9900)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/opportunities?status=OPEN&minConvictionScore=3&limit=20"

GET /v1/opportunities/:id

Get opportunity details including related signal matches.

Path Parameter: id (UUID)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/opportunities/123e4567-e89b-12d3-a456-426614174000"

Domains

GET /v1/domains

List signal domains.

Query Parameters:

• Filters: includeArchived (true/false, default: false)

• Pagination: limit (1-100, default: 50), offset (default: 0)

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/domains?limit=50"

GET /v1/domains/:id

Get domain details including frameworks and statistics.

Path Parameter: id (UUID)

Response includes (beyond list fields): frameworks (array with id, name, description), solutionCount (number of solutions linked to this domain).

curl -H "Authorization: Bearer rk_your_api_key" \
  "https://api.rembrandtagents.com/v1/domains/123e4567-e89b-12d3-a456-426614174000"

Public Endpoints (No Authentication Required)

• GET / - API information and available endpoints

• GET /health - Health check endpoint

• GET /docs - Interactive Swagger/OpenAPI documentation

Use Cases

The REST API can be used for:

• Custom integrations with CRM systems

• Webhook integrations

• Automation scripts and workflows

• Third-party application integrations

• ChatGPT Actions (OpenAPI)

• Microsoft Copilot Studio, Microsoft 365 Copilot, and Azure AI Studio integrations

Integration Guides:

• ChatGPT Actions Integration - Connect ChatGPT via OpenAPI Actions

• Microsoft Integration Guide - Connect to Microsoft Copilot Studio, Microsoft 365 Copilot, and Azure AI Studio

Note: For CRM integrations like HubSpot and Salesforce, see our CRM Integration Guide. For AI assistant integrations via MCP, see our MCP Integration Guide.

Rate Limits

Rate limits are applied per API key:

• Per API Key: 1,000 requests/hour (regular), 2,000 requests/hour (burst)

• Per Organization: 5,000 requests/hour (regular), 10,000 requests/hour (burst)

• Per IP: 100 requests/minute (regular), 1,000 requests/hour (burst)

Rate limit information is included in response headers:

• X-RateLimit-Remaining-Key - Remaining requests for your API key

• X-RateLimit-Reset-Key - Timestamp when the limit resets

• X-RateLimit-Remaining-Org - Remaining requests for your organization

• X-RateLimit-Reset-Org - Timestamp when the org limit resets

If you exceed rate limits, you'll receive a 429 Too Many Requests response.

Error Handling

All endpoints return a consistent error format:

{
  "success": false,
  "error": "Error message",
  "errorCode": "ERROR_CODE",
  "errorId": "uuid-for-tracking",
  "timestamp": "2024-01-15T10:30:00Z",
  "path": "/v1/prospects",
  "method": "GET"
}

Common Error Codes

• 400 Bad Request: Invalid parameters (e.g., invalid country code, limit out of range)

• 401 Unauthorized: Missing or invalid API key

• 403 Forbidden: Insufficient permissions

• 404 Not Found: Prospect/company not found

• 429 Too Many Requests: Rate limit exceeded

• 500 Internal Server Error: Server-side issue

Always check the success field in responses and handle errors gracefully.

Security Best Practices

1. Keep API keys secure - Never commit API keys to version control

2. Use environment variables - Store keys in secure configuration

3. Rotate keys regularly - Regenerate keys periodically

4. Monitor usage - Review API usage in Settings → Service Accounts

5. Use HTTPS only - Always connect over HTTPS

6. Never share keys publicly - Don't include keys in screenshots or public documentation

7. Use different keys per environment - Separate keys for production, staging, and development

Support

For API support and questions:

• Review the API documentation

• Check our Troubleshooting Guide

• Contact support at api-support@rembrandtagents.com