🧰 Developer Docs

Connect Commish Carefully

REST API and MCP guidance for technical evaluators. Start with read-only access, use hashed API keys with scoped permissions, and add write/admin actions intentionally.

Browse API docs →Open API key settings Read MCP setup guide

Quick Start

List your deals with a single API call

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://app.getcommish.io/api/v1/deals?status=approved&per_page=10"

Response

{
  "data": [
    {
      "id": "abc-123",
      "opportunity_name": "Acme Corp Annual",
      "arr_amount": 120000,
      "total_commission": 12000,
      "status": "approved"
    }
  ],
  "meta": { "page": 1, "per_page": 10, "total": 42 }
}

🤖

MCP Server

Connect Commish to Claude, ChatGPT, or Cursor. Use read-only tools for evaluation first, then enable write/admin tools only with owner approval.

Setup guide →

🔑

Authentication

API-key authentication with server-side hashed keys and configurable scopes: read, write, and admin. Start with read-only keys for evaluation and expand only when needed.

Learn more →

📡

REST API

Read and scoped write/admin access for deals, comp plans, users, commissions, and SPIFFs. List endpoints use consistent JSON pagination.

Browse endpoints →

🔔

Webhooks

Webhook management supports admin-scoped subscriptions, HTTPS endpoint validation, local/private target blocking, and one-time subscription secrets. Confirm delivery/retry expectations before relying on event workflows in production.

View events →

Base URL

Use https://app.getcommish.io/api/v1 for production. Demo or staging environments should use their matching host, never mixed keys and URLs.

Auth header

Send Authorization: Bearer YOUR_API_KEY on every request. Keys are checked by hash server-side; keep raw keys server-side and rotate them if they are exposed.

Scopes

Read can view data, write can create/update, and admin can approve/reject or manage configuration. Use the smallest scope that works.

Rate Limiting

API requests are currently limited to 100 requests per minute per API key and logged for operational review. If you exceed this limit, you'll receive a 429 Too Many Requests response with a Retry-After header.

Best Practices

✓Cache responses where possible
✓Use pagination to limit response sizes
✓Implement exponential backoff for retries
✓Prefer webhooks over polling when event delivery behavior fits your implementation

Ready to evaluate the API?

API access is available as an add-on. Review the docs first, then book a fit call when you are ready to confirm scopes and production access.

Read developer docs Book a fit call