API access
Integrate Strutter with your systems using the public REST API. Available on select plans.
The Strutter API lets you access your RFP data programmatically. Use it to integrate Strutter with your existing procurement workflows, reporting tools, or internal systems.
API access is available on select plans. See plans and pricing for details.
Getting started
Generate an API key
Only admin users can create and manage API keys. If you don't see the API Keys section in Settings, ask your organization's admin.
- Go to Settings in the sidebar
- Click API Keys
- Enter a name for your key (e.g., "Production" or "Analytics")
- Click Create Key
- Copy the key immediately. It will not be shown again.
Security
- API keys are securely hashed before storage. Strutter never stores your raw key.
- Each key tracks its last-used date for auditing.
- Revoke compromised keys immediately from the API Keys settings page.
- Deleted keys cannot be recovered. Create a new one if needed.
Authentication
All API requests require a Bearer token in the Authorization header:
```bash
curl -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  https://rfp.strutterai.com/api/v1/rfps
```
Invalid or missing keys return a 401 response. If your organization is not on a plan that includes API access, requests return a 403 response.
Endpoints
List RFPs
GET /api/v1/rfps
Returns a list of your organization's RFPs.
Query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
| limit | integer | 25 | Results per page (1 to 100) |
| offset | integer | 0 | Number of results to skip |
Response fields:
| Field | Type | Description |
|---|---|---|
| id | string | RFP identifier |
| title | string | RFP title |
| description | string | RFP description |
| status | string | DRAFT, OPEN, CLOSED, or AWARDED |
| type | string | RFP type |
| deadline | string | Due date (ISO 8601) |
| questionCount | integer | Number of questions |
| vendorCount | integer | Number of invited vendors |
| awardedVendor | object or null | Winning vendor info (if awarded) |
| createdAt | string | Creation timestamp (ISO 8601) |
| updatedAt | string | Last update timestamp (ISO 8601) |
Get RFP details
GET /api/v1/rfps/{rfpId}
Returns full details for a single RFP, including all questions.
Response fields:
| Field | Type | Description |
|---|---|---|
| id | string | RFP identifier |
| title | string | RFP title |
| description | string | RFP description |
| status | string | DRAFT, OPEN, CLOSED, or AWARDED |
| type | string | RFP type |
| deadline | string | Due date (ISO 8601) |
| vendorCount | integer | Number of invited vendors |
| questions | array | List of questions with id, section, text, type, weight, order, and required flag |
| reviewAttempts | integer or null | Number of AI quality-gate review attempts during generation |
| reviewScoreHistory | array or null | Score history from AI quality-gate reviews |
| createdAt | string | Creation timestamp (ISO 8601) |
| updatedAt | string | Last update timestamp (ISO 8601) |
Get vendor responses
GET /api/v1/rfps/{rfpId}/responses
Returns all vendor responses for a specific RFP.
Response fields:
| Field | Type | Description |
|---|---|---|
| rfpId | string | RFP identifier |
| rfpTitle | string | RFP title |
| vendors | array | List of vendors with their responses |
Each vendor object includes:
| Field | Type | Description |
|---|---|---|
| inviteId | string | Vendor invite identifier |
| vendorName | string | Vendor company name |
| vendorEmail | string | Vendor contact email |
| status | string | Invite status |
| responses | array | List of responses with questionId, content, aiScore, and humanScore |
List vendors
GET /api/v1/vendors
Returns your organization's vendor directory.
Response fields (per vendor):
| Field | Type | Description |
|---|---|---|
| id | string | Vendor identifier |
| name | string | Company name |
| website | string | Company website |
| notes | string | Internal notes |
| contacts | array | Contacts with id, name, email, phone, and title |
| rfpCount | integer | Number of RFPs the vendor has been invited to |
| createdAt | string | Creation timestamp (ISO 8601) |
Response format
All API responses follow a consistent format:
Success:
```json
{
  "data": { ... }
}
```
Error:
```json
{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable description"
  }
}
```
Common error codes
| Code | HTTP Status | Description |
|---|---|---|
| MISSING_KEY | 401 | No Authorization header or malformed Bearer token |
| INVALID_KEY | 401 | API key not found |
| REVOKED_KEY | 401 | API key has been revoked |
| TIER_NOT_ALLOWED | 403 | Your plan does not include API access |
| NOT_FOUND | 404 | Requested resource not found |
| INTERNAL_ERROR | 500 | Unexpected server error |
Rate limits
API requests are rate-limited to 60 requests per minute per API key. If you exceed this limit, requests return a 429 Too Many Requests response.
Best practices for staying within limits:
- Cache responses on your side when possible
- Use pagination parameters to fetch only the data you need
- Avoid polling in tight loops; use reasonable intervals (e.g., every 30 seconds)
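The authentication, pagination, error-format and rate-limit rules above, combined in one client. This is an added example, not code from Strutter. Assumptions: the `STRUTTER_API_KEY` environment variable name, that `data` is a JSON array on list endpoints, and the fixed backoff after a 429 (the page documents no retry header).

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://rfp.strutterai.com/api/v1"


class StrutterAPIError(Exception):
    """Raised for any non-200 response; args are (status, code, message)."""


def http_get(url, api_key):
    """Default transport: returns (status, parsed JSON body)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            return err.code, json.loads(err.read())
        except ValueError:
            return err.code, {}  # error body was not JSON


def list_all_rfps(api_key, get=http_get, sleep=time.sleep, page_size=100, max_retries=3):
    """Page through GET /rfps; back off on 429, fail fast on 401/403 (retrying cannot help)."""
    rfps, offset, retries = [], 0, 0
    while True:
        status, body = get(f"{BASE_URL}/rfps?limit={page_size}&offset={offset}", api_key)
        if status == 429 and retries < max_retries:
            retries += 1
            sleep(30 * retries)  # assumed backoff schedule, not documented by the API
            continue
        if status != 200:
            err = body.get("error", {})
            raise StrutterAPIError(status, err.get("code", "UNKNOWN"), err.get("message", ""))
        page, retries = body["data"], 0  # assumption: "data" is an array on list endpoints
        rfps.extend(page)
        if len(page) < page_size:
            return rfps  # short page means there is nothing left to fetch
        offset += page_size
        sleep(1)  # 60 requests/minute per key: at most one request per second


if __name__ == "__main__":  # key comes from the environment, never from source or logs
    print(len(list_all_rfps(os.environ["STRUTTER_API_KEY"])))
```

The exception carries only the status, error code and message, so the key never ends up in a traceback or log line.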
Managing API keys
API key management is restricted to admin users. From the API Keys settings page, admins can:
- Create new keys with descriptive names
- View key prefixes and last-used dates
- Revoke keys to immediately disable them (the key stays in your list for reference)
- Delete keys to permanently remove them
You can have multiple active API keys. Use separate keys for different environments (production, staging) or integrations.
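The key lifecycle described in the Security and Managing API keys sections (hashed at rest, shown once, prefix and last-used date visible, revoke versus delete), modelled as an added Python example. It is not Strutter's implementation; the `sk_` key format, the 11-character prefix and the use of SHA-256 are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PREFIX_LEN = 11  # assumed: "sk_" plus 8 characters, safe to display in a key list


class KeyStore:
    """Server-side key table that holds digests and metadata, never raw keys."""

    def __init__(self):
        self.rows = {}  # prefix -> {"name", "digest", "revoked", "last_used"}

    def create(self, name):
        raw = "sk_" + secrets.token_urlsafe(32)  # constructed key format
        self.rows[raw[:PREFIX_LEN]] = {
            "name": name,
            "digest": hashlib.sha256(raw.encode()).digest(),
            "revoked": False,
            "last_used": None,
        }
        return raw  # the only time the raw key is available: "copy it immediately"

    def revoke(self, prefix):
        self.rows[prefix]["revoked"] = True  # row stays in the list for reference

    def delete(self, prefix):
        del self.rows[prefix]  # permanent: nothing is left to recover the key from

    def authenticate(self, authorization_header):
        """Return (http_status, code), using the error codes from the table above."""
        scheme, _, raw = (authorization_header or "").partition(" ")
        if scheme != "Bearer" or not raw:
            return 401, "MISSING_KEY"
        row = self.rows.get(raw[:PREFIX_LEN])
        digest = hashlib.sha256(raw.encode()).digest()
        # Constant-time comparison of digests; the raw key is never compared or stored.
        if row is None or not hmac.compare_digest(digest, row["digest"]):
            return 401, "INVALID_KEY"
        if row["revoked"]:
            return 401, "REVOKED_KEY"
        row["last_used"] = datetime.now(timezone.utc)  # feeds the last-used audit column
        return 200, "OK"  # "OK" is a constructed value for this example
```

A fast hash such as SHA-256 is adequate here because the key is a long random value rather than a human-chosen password.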
Next steps
- Billing and plans. Manage your subscription and billing.
- Teams and settings. Manage API keys from your organization settings.
- FAQ. Common questions about the API and integrations.