Authentication
Lead import and other public API calls use Bearer token authentication. Each integrator is typically issued one API key.
Obtain an API key
Section titled “Obtain an API key”Email support@dealerstudio.com.au to request a key. Keys can be scoped to specific dealerships and configured with permissions and optional IP allowlisting.
Send the token
Section titled “Send the token”Include the API key on every request:
Authorization: Bearer YOUR_API_KEYUse HTTPS only. The production base URL is:
https://dashboard.dealerstudio.com.auCreate and update leads
Section titled “Create and update leads”| Action | Method | Path | Permission required (if key is restricted) |
|---|---|---|---|
| Create lead | POST | /api/v1/leads | create:lead |
| Update lead | PUT | /api/v1/leads/{id} | update:lead |
If the key’s permission list is empty, all allowed actions for that key are permitted (still subject to dealership scope on the key).
See the Create Lead and Update Lead reference for request bodies and response codes.
IP allowlisting
Section titled “IP allowlisting”If IP addresses are configured on your API key, requests must originate from one of those addresses. Requests from other IPs are rejected with 401 Unauthorized.
If no IPs are configured, IP allowlisting does not apply.
Common responses
Section titled “Common responses”| Status | Meaning |
|---|---|
| 401 Unauthorized | Missing or invalid token, IP not allowlisted, or key lacks permission for the action |
| 403 Forbidden | Authenticated but not allowed to access the requested dealership or resource |
Related guides
Section titled “Related guides”- Getting started — platform overview and security practices
- Stellantis lead import — example payload for
POST /api/v1/leads