Skip to content

API Reference

Complete documentation for all 92 ThriveSend B2B2G API endpoints


The ThriveSend B2B2G API provides comprehensive programmatic access to all platform features:

  • 92 RESTful endpoints covering all platform functionality
  • JSON-based request and response formats
  • Authentication via Clerk (JWT tokens)
  • Rate limiting for API stability
  • POPIA compliant with automatic audit logging

Base URL: https://thrivesend.isutech.co.za/api


All API requests require authentication:

// Include Clerk session token in headers
const response = await fetch('https://thrivesend.isutech.co.za/api/clients', {
headers: {
'Authorization': `Bearer ${sessionToken}`,
'Content-Type': 'application/json'
}
});
// Example: Fetch all clients
const clients = await fetch('/api/clients', {
method: 'GET',
headers: {
'Authorization': `Bearer ${token}`
}
});
const data = await clients.json();
console.log(data);

Manage business and government clients

  • GET /api/clients - List all clients
  • POST /api/clients - Create new client
  • GET /api/clients/[id] - Get client details
  • PUT /api/clients/[id] - Update client
  • DELETE /api/clients/[id] - Delete client
  • GET /api/clients/business - List business clients
  • GET /api/clients/government - List government clients

Create and manage marketing campaigns

  • GET /api/campaigns - List all campaigns
  • POST /api/campaigns - Create new campaign
  • GET /api/campaigns/[id] - Get campaign details
  • PUT /api/campaigns/[id] - Update campaign
  • DELETE /api/campaigns/[id] - Delete campaign
  • POST /api/campaigns/bulk - Bulk campaign operations

Real-time analytics and reporting

  • GET /api/analytics/dashboard - Dashboard metrics
  • GET /api/analytics/performance - Performance metrics
  • GET /api/analytics/sector - Sector breakdown
  • GET /api/analytics/trends - Trend analysis
  • GET /api/analytics/predictions - Predictive analytics
  • GET /api/analytics/reports - Generate reports

POPIA compliance and audit features

  • GET /api/compliance/status - Compliance status
  • GET /api/compliance/alerts - Compliance alerts
  • GET /api/compliance/reports - Compliance reports
  • GET /api/audit/log - Audit trail
  • GET /api/audit/recent - Recent audit events
  • GET /api/data-subject-requests - Data subject requests

Manage team members and permissions

  • GET /api/team - List team members
  • POST /api/team - Add team member
  • GET /api/team/[id] - Get member details
  • PUT /api/team/[id] - Update member
  • DELETE /api/team/[id] - Remove member
  • GET /api/team/analytics - Team analytics

Manage campaign content and assets

  • GET /api/content - List all content
  • POST /api/content - Create content
  • GET /api/content/[id] - Get content details
  • PUT /api/content/[id] - Update content
  • DELETE /api/content/[id] - Delete content
  • GET /api/content/templates - Content templates

Team invitation system

  • GET /api/invitations - List invitations
  • POST /api/invitations - Send invitation
  • POST /api/invitations/accept - Accept invitation
  • GET /api/invitations/manage - Manage invitations
  • POST /api/invitations/demo - Demo invitation

Server-Sent Events (SSE) for real-time data

  • GET /api/realtime/dashboard - Dashboard SSE stream
  • GET /api/realtime/breaches - Breach alerts SSE

Organization and service provider management

  • GET /api/service-provider - Provider details
  • PUT /api/service-provider/organization - Update org
  • GET /api/service-provider/billing - Billing info
  • GET /api/service-provider/compliance - Compliance status
  • GET /api/service-provider/integrations - Integrations
  • GET /api/service-provider/notifications - Notifications
  • GET /api/service-provider/security - Security settings

ThriveSend uses Clerk for authentication and organization multi-tenancy.

Getting a Session Token:

import { auth } from '@clerk/nextjs';
export async function GET() {
const { userId, orgId, getToken } = auth();
if (!userId || !orgId) {
return new Response('Unauthorized', { status: 401 });
}
const token = await getToken();
// Use token for API requests...
}

Client-Side Token:

import { useAuth } from '@clerk/nextjs';
function MyComponent() {
const { getToken } = useAuth();
const fetchData = async () => {
const token = await getToken();
const response = await fetch('/api/clients', {
headers: {
'Authorization': `Bearer ${token}`
}
});
};
}

POST /api/clients HTTP/1.1
Host: thrivesend.isutech.co.za
Authorization: Bearer eyJhbGci...
Content-Type: application/json
{
"name": "Department of Health",
"sector": "GOVERNMENT",
"governmentLevel": "NATIONAL",
"securityClearance": "ENHANCED"
}

Success Response (200/201):

{
"id": "client_abc123",
"name": "Department of Health",
"sector": "GOVERNMENT",
"governmentLevel": "NATIONAL",
"securityClearance": "ENHANCED",
"createdAt": "2026-01-26T10:00:00Z",
"updatedAt": "2026-01-26T10:00:00Z"
}

Error Response (400/401/404/500):

{
"error": "Validation error",
"message": "Client name is required",
"code": "VALIDATION_ERROR",
"statusCode": 400
}

API requests are rate-limited to ensure platform stability:

  • Authenticated requests: 1000 requests/hour
  • Unauthenticated requests: 100 requests/hour

Rate Limit Headers:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1643212800

  • 200 OK - Request successful
  • 201 Created - Resource created successfully
  • 400 Bad Request - Invalid request data
  • 401 Unauthorized - Missing or invalid authentication
  • 403 Forbidden - Insufficient permissions
  • 404 Not Found - Resource not found
  • 429 Too Many Requests - Rate limit exceeded
  • 500 Internal Server Error - Server error
{
"error": "Error type",
"message": "Human-readable error message",
"code": "ERROR_CODE",
"statusCode": 400,
"details": {
"field": "Additional error details"
}
}

All API operations are POPIA compliant:

  • Automatic Audit Logging - Every data operation logged
  • Consent Tracking - User consent recorded
  • SA Data Residency - Data stored in South Africa
  • Data Subject Rights - Access, deletion, portability supported

Audit Log Example:

{
"id": "audit_xyz789",
"action": "CLIENT_CREATED",
"userId": "user_123",
"resourceType": "CLIENT",
"resourceId": "client_abc123",
"timestamp": "2026-01-26T10:00:00Z",
"metadata": {
"ipAddress": "197.xxx.xxx.xxx",
"userAgent": "Mozilla/5.0..."
}
}

// Using fetch
const response = await fetch('/api/clients', {
method: 'POST',
headers: {
'Authorization': `Bearer ${token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
name: 'ABC Corporation',
sector: 'BUSINESS'
})
});
const client = await response.json();
Terminal window
curl -X POST https://thrivesend.isutech.co.za/api/clients \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "ABC Corporation",
"sector": "BUSINESS"
}'
import requests
response = requests.post(
'https://thrivesend.isutech.co.za/api/clients',
headers={
'Authorization': f'Bearer {token}',
'Content-Type': 'application/json'
},
json={
'name': 'ABC Corporation',
'sector': 'BUSINESS'
}
)
client = response.json()

Currently, there are no official SDKs. Use standard HTTP clients.

  • JavaScript/TypeScript: fetch, axios
  • Python: requests, httpx
  • PHP: Guzzle
  • Ruby: Faraday
  • Go: net/http

  • ✅ All 92 endpoints operational
  • ✅ Real-time SSE endpoints added
  • ✅ Predictive analytics endpoints added
  • ✅ Enhanced error handling
  • ✅ Rate limiting improvements

When reporting issues, include:

  • Endpoint URL
  • Request method and body
  • Response status and body
  • Expected vs actual behavior

Browse the endpoint listings above to find the API you need, then use the authentication patterns and code examples on this page to integrate.


API Reference Version: 0.1.4 | Last Updated: January 26, 2026