API Overview
The BrikSync PropOS API is a RESTful API that allows BUSINESS plan users to read and write property management data programmatically. Use it to integrate with CRMs, accounting software, custom dashboards, or any external system.API access is available on the BUSINESS plan. Upgrade from Settings → Billing
to enable API access.
Base URL
Current API routes are served from the main app origin under/api.
Production example:
OpenAPI and Interactive Docs
- OpenAPI JSON:
/api/docs - Swagger UI:
/api/docs/ui
Versioning
The API is currently in v0 (pre-release). Breaking changes may occur until v1.0. When a stable v1 release is available, it will be announced in the changelog. Future breaking changes after v1 will follow a minimum 12-month deprecation timeline, and you will be notified by email.Available Resources
The API provides access to the following resources:| Resource | Description |
|---|---|
/health | Liveness probe. Returns 200 when the server process is running. No authentication required. |
/docs | Returns the full OpenAPI 3.1.0 specification as JSON. Includes CORS headers for cross-origin access and the X-Content-Type-Options: nosniff security header. No authentication required. |
/docs/ui | Returns an interactive Swagger UI page for API exploration. No authentication required. The page is not indexed by search engines. Includes Cache-Control, X-Content-Type-Options, and Content-Security-Policy response headers. |
/auth/callback | OAuth and email verification callback. Accepts an optional authorization code, exchanges it for a session, and redirects the user. If the code is omitted, redirects to the sign-in page with an error indicator instead of returning a failure response. When the authentication provider is temporarily unavailable, protected routes redirect to /login?auth=temporarily_unavailable and the login page displays a degraded-service banner. |
/auth/signout | Sign out the current user. Accepts GET or POST. Always redirects to the login page. |
/properties | List, retrieve, create, update, archive, restore, and compare properties. Requires landlord role or higher. Use the availability=archived filter to list archived properties. |
/units | Manage units within properties, including bulk creation and status updates. |
/tenants | List, retrieve, and create tenant records. Includes emergency contact and personal reference data. Upload ID verification documents. |
/leases | Create leases, access lease data, and update lease status with enforced transition rules. Supports AI-assisted term extraction on PRO and BUSINESS plans. |
/payments | Retrieve payment records, initiate tenant Stripe checkout, and download PDF receipts for succeeded payments. |
/payments/receipt | Generate and download a PDF receipt for a succeeded rent payment. Tenants can only access their own receipts; brokers, property managers, landlords, and admins can access any receipt within their organisation. |
/leases/move-out-report | Generate and download a PDF move-out report for a case. Includes notice, inspection, and deposit reconciliation details. Tenants can only access their own reports; brokers, property managers, landlords, and admins can access any report within their organisation. |
/maintenance | List, create, and update maintenance requests. Supports photo uploads and vendor assignment. |
/vendors | List, create, and rate maintenance vendors. Assign vendors to maintenance requests. |
/documents | Upload, download (via signed URLs), and delete property documents. |
/analytics | Retrieve portfolio analytics — occupancy, revenue trends, and vacancy metrics. PRO and BUSINESS plans only. |
/calendar | List, create, and delete property availability calendar blocks. Export iCal data. PRO and BUSINESS plans for write operations. |
/inspections | Schedule, complete, and list property inspections. Trigger tenant reminders. PRO and BUSINESS plans only. |
/property-import | Preview and import properties from CSV files. Download import templates. PRO and BUSINESS plans only. |
/communications | List threads, send messages, and export thread history as CSV. Supports multi-participant threads. |
/lease-renewals | Create renewal offers, respond to offers, and queue renewal reminder notifications. |
/tenant-screening | Initiate tenant screenings, add reference and employment checks, update credit checks, and list screenings. Landlord role required. |
/leads | List, create, update, and convert leads. Manage lead pipeline stages and broker assignments. PRO and BUSINESS plans. Broker role required. |
/deals | List, create, update, and close deals. Track deal pipeline stages, contract values, and commission calculations. PRO and BUSINESS plans. Broker role required. |
/open-houses | Schedule, update, and cancel open house events. Public booking via capability URL (no auth required for attendee registration). PRO and BUSINESS plans. |
/commissions | List and manage commission invoices. View commission summaries. Admin role required for invoice creation. PRO and BUSINESS plans. |
/broker-performance | Retrieve broker performance metrics including deals closed, pipeline value, commission earned, and monthly trends. PRO and BUSINESS plans. |
/syndication | Trigger listing syndication exports in JSON or XML format. View export history. BUSINESS plan only. Admin role required. |
/brochures | Generate shareable property brochure links with a configurable expiry window (1, 3, 7, or 14 days — defaults to 7). Public brochure access via capability URL. PRO and BUSINESS plans. |
/property-matching | Match available properties and units to lead requirements using a weighted scoring algorithm. PRO and BUSINESS plans. Broker role required. |
/gdpr | Request data exports, account deletion, and PII erasure. Available to all authenticated users. Admin role required for PII erasure. |
/reports | Retrieve operational reports including occupancy, revenue, payments, and maintenance metrics for a date range. PRO and BUSINESS plans. |
/financial-reports | Retrieve annual financial reports with monthly breakdowns of income, expenses, and net operating income. PRO and BUSINESS plans. |
/webhooks/stripe | Receive and process Stripe webhook events. Authenticated via Stripe signature verification (not user JWT). The request body must be consumed as raw text for signature verification. Handles subscription and payment lifecycle events. |
/cron/reminders | Automated reminder processing for rent due, rent overdue, lease expiry, and maintenance overdue notifications. Authenticated via Authorization: Bearer <secret> or X-Cron-Secret header (not user JWT). Either header satisfies the requirement. |
Not all write operations are available via API. Some actions — such as permanently deleting
records or making billing changes — must be performed through the BrikSync PropOS web application.
Response format
All API responses follow a consistent envelope format:Success response
data object includes pagination metadata:
Error response
code field is a machine-readable error code. The error field is a human-readable description. Some error responses include an upgradeUrl field when a plan upgrade is required. Plan-gated endpoints may also return currentPlan, requiredPlan, and a message field with additional context.
Error codes
| Code | HTTP Status | Meaning |
|---|---|---|
VALIDATION_ERROR | 400 | Invalid input or malformed request body. |
UNAUTHORIZED | 401 | Missing or expired session / API key. |
FORBIDDEN | 403 | Your role does not meet the minimum requirement. Includes a message field with a detailed explanation. |
NOT_FOUND | 404 | The requested resource does not exist or is not accessible. |
RATE_LIMITED | 429 | Rate limit exceeded. Retry after the period indicated in Retry-After. |
PLAN_LIMIT_EXCEEDED | 403 | The feature or resource limit requires a higher plan tier. Includes an upgradeUrl field. |
PLAN_UPGRADE_REQUIRED | 403 | The endpoint requires a higher plan tier. Includes currentPlan, requiredPlan, and upgradeUrl fields. |
PLAN_CONTEXT_UNAVAILABLE | 403 | Organisation billing context could not be loaded. Request denied as a fail-secure measure. Includes an upgradeUrl field. |
NOT_APPLICABLE | 403 | The requested feature does not apply to your account type (e.g. platform admin accessing customer-only endpoints). |
INTERNAL_ERROR | 500 | Unexpected server error. Contact support if this persists. |
| Pattern | Meaning |
|---|---|
Unauthorized | No valid session or API key. |
Forbidden: requires {role} role or higher | Your role does not meet the minimum requirement. |
Forbidden | Your account cannot access the requested resource (e.g. ownership mismatch). |
PLAN_UPGRADE_REQUIRED: ... | The feature requires a higher plan tier. |
PLAN_CONTEXT_UNAVAILABLE | Organisation billing context could not be loaded. Request denied as a fail-secure measure. |
{Entity} not found. | The requested resource does not exist or is not accessible. |
Lease is already in this status. | The requested lease status transition is a no-op. |
Invalid status transition: {from} -> {to} | The requested status change is not permitted by the transition rules (applies to leases and maintenance requests). |
Maintenance request is already in this status. | The requested maintenance status transition is a no-op. |
Maintenance request not found. | The specified maintenance request does not exist or is not accessible. |
Receipt is available only after successful payment confirmation. | The payment has not yet succeeded, so no receipt can be generated. |
Move-out case not found | The specified move-out case does not exist or is not accessible. |
Move-out notice can only be submitted for active leases. | The lease must be in active or renewed status to submit a move-out notice. |
A move-out case already exists for this lease. | Each lease can have at most one move-out case. |
Tenant profile not found | The authenticated user does not have a tenant profile in the current organisation. |
Lease not found. | The specified lease does not exist or is not accessible within your organisation. |
You can only submit notice for your own lease. | A tenant attempted to submit a move-out notice for a lease that belongs to a different tenant. |
Failed to submit move-out notice. | A server-side error occurred while creating the move-out case. |
Failed to record final inspection. | A server-side error occurred while saving the inspection record. |
Failed to reconcile move-out deposit. | A server-side error occurred while saving the deposit reconciliation. |
Unable to process lease request right now. Please try again. | A server-side error occurred while processing a lease request. Internal details are redacted for security. |
Failed to {action}. Please try again. | A server-side operation failed. |
Too many requests | Rate limit exceeded. Check Retry-After header for when to retry. |
Rate limit exceeded. Please retry after Xs. | Per-user or per-org AI rate limit exceeded. |
Lead not found | The specified lead does not exist or is not accessible. |
Deal not found | The specified deal does not exist or is not accessible. |
Open house not found | The specified open house does not exist or is not accessible. |
Open house is full | The open house has reached its maximum attendee capacity. |
Open house has already passed | Cannot book an open house that has already occurred. |
Brochure link not found or expired | The brochure share link is invalid, expired, or has been revoked. |
GDPR export request too recent | A 30-day cooldown applies between data export requests. |
Thread not found. | The specified communication thread does not exist or is not accessible. |
subject and participant_user_ids are required for new threads | A new communication thread requires both a subject and at least one participant. |
Renewal offer not found. | The specified lease renewal offer does not exist or is not accessible. |
Renewal offer already processed. | The lease renewal offer has already been accepted or declined. |
Lease not found for current tenant. | The tenant attempting to respond to a renewal offer does not have a matching lease. |
Sign-in is temporarily unavailable. Please try again in a minute. | The authentication provider is unreachable or timed out. Retry after a short delay. |
HTTP Status Codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Resource created successfully |
302 | Redirect — used by auth callback and sign-out endpoints |
400 | Bad request — check your request parameters |
401 | Unauthorised — invalid or missing API key |
403 | Forbidden — your plan or role does not permit this action |
404 | Not found — the resource does not exist |
422 | Unprocessable entity — validation error |
429 | Too many requests — rate limit exceeded |
500 | Server error — contact support if this persists |
Rate Limits
To ensure fair use and platform stability, API requests are rate limited.| Scope | Rate Limit |
|---|---|
| General API | 100 requests per minute per user or IP |
| Auth (login) | 5 attempts per minute per IP |
| Registration | 5 attempts per minute per IP |
| Password reset | 3 requests per minute per IP |
| Email verification | 3 requests per minute per IP |
| Tenant endpoints | 30 requests per minute |
| Broker endpoints | 60 requests per minute |
| Admin endpoints | 120 requests per minute |
| Scope | Limit |
|---|---|
| Per user | 10 requests per minute |
| Per org (PRO) | 100 requests per minute |
| Per org (BUSINESS) | 500 requests per minute |
429 Too Many Requests response. The response includes Retry-After, X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers.
| Header | Description |
|---|---|
Retry-After | Seconds until you can retry |
X-RateLimit-Limit | Maximum requests allowed per window |
X-RateLimit-Remaining | Remaining requests in the current window |
X-RateLimit-Reset | Unix timestamp (milliseconds) when the rate limit window resets |
Pagination
List endpoints return paginated results. Usepage and pageSize parameters to control pagination.
The response data object includes page, pageSize, total, and totalPages to help you navigate pages.
Default pageSize varies by resource. Maximum is 100 per request (except inspections, which cap at 50).
| Resource | Default pageSize | Maximum |
|---|---|---|
| Properties | 12 | 100 |
| Units | 20 | 100 |
| Tenants | 20 | 100 |
| Leases | 20 | 100 |
| Payments | 20 | 100 |
| Maintenance | 20 | 100 |
| Inspections | 12 | 50 |
| Audit log | 25 (fixed) | — |
| Vendors | 20 | 100 |
| Communications | 20 | 50 |
| Leads | 20 | 100 |
| Deals | 20 | 100 |
| Open Houses | 20 | 50 |
| Commissions | 20 | 50 |
| Notifications | 25 (fixed) | — |
Audit log and notifications use a fixed page size that cannot be overridden via query parameters.
Authentication
The API uses a hybrid authentication model. External integrations authenticate with API keys (BUSINESS plan). The web application uses Supabase JWT sessions managed automatically by the browser. See the API Authentication guide for details on generating and using API keys.Support
If you encounter issues with the API, contact the BrikSync support team via the in-app help widget or at briksync.com.Built by Errsol Technologies LLP · Karan · BrikSync PropOS