Clubtool.developers

Authentication & scopes

Every request authenticates with a club API key sent as a Bearer token. A key belongs to the club (not to the administrator who created it) and can only ever reach that club's data.

Authorization: Bearer ct_live_...

Key model

Scopes

A key carries one or more scopes; a *:write scope implies the matching *:read. Requests outside the key's scopes are answered with 403 insufficient_scope.

Scope                 Grants
members:read          List and read members
members:write         Create, update, delete members + bulk
groups:read           List and read training groups
events:read           List and read calendar events
events:write          Create, update, delete events
competition:read      Seasons and competition teams (read)
competition:write     Manage competition teams
attendance:read       Read attendance records
attendance:write      Upsert attendance + bulk
kennismakers:read     List and read trial members (intake)
kennismakers:write    Create and update trial members — e.g. a website signup form

Least privilege. Give each integration its own key with only the scopes it needs — that keeps the audit trail readable and limits the blast radius of a leak.
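One way to check a key against the scope rules and the least-privilege advice above before deploying it. This is an added example, not Clubtool's own code: the scope names come from the table on this page, while the function names and the sample grants are assumptions made for illustration.

```python
# Added example. Scope names are from the table on this page; function names
# and the sample grants below are constructed for illustration.
KNOWN_SCOPES = {
    "members:read", "members:write", "groups:read",
    "events:read", "events:write",
    "competition:read", "competition:write",
    "attendance:read", "attendance:write",
    "kennismakers:read", "kennismakers:write",
}


def effective(granted):
    """Expand a grant: each *:write scope implies the matching *:read."""
    granted = set(granted)
    unknown = granted - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    implied = {s[: -len("write")] + "read" for s in granted if s.endswith(":write")}
    return granted | implied


def minimal(needed):
    """Smallest grant covering `needed`: drop reads already implied by a write."""
    needed = set(needed)
    effective(needed)  # validates the names
    return {s for s in needed
            if not (s.endswith(":read") and s[: -len("read")] + "write" in needed)}


def audit(granted, needed):
    """Compare what a key was granted with what its integration calls."""
    have = effective(granted)
    smallest = minimal(needed)
    return {
        "missing": sorted(set(needed) - have),        # would get 403 insufficient_scope
        "excess": sorted(set(granted) - smallest),    # widens the blast radius of a leak
        "suggested": sorted(smallest),
    }


if __name__ == "__main__":
    # Constructed case: a website signup form that only creates trial members.
    print(audit({"kennismakers:write", "members:write"}, {"kennismakers:write"}))
    # Constructed case: a key that can read attendance but whose job upserts it.
    print(audit({"attendance:read"}, {"attendance:write"}))
```

A non-empty "excess" list means the key can do more than its integration needs; a non-empty "missing" list means some of its calls will be rejected.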

Rotation

Rotate a key in the app (System → API → Rotate): you get a new key with the same label and scopes, and the old key keeps working for 24 hours so you can switch your deployment over without downtime.

If a key leaks

  1. Revoke it immediately in the app — revocation is instant.
  2. Create a replacement key and update your integration.
  3. Review the club's audit log (System → Audit log): all API writes are attributed to the key prefix, e.g. api:ct_live_3f9K.

Plan gating

The public API is a Pro feature. If the club moves to a lower plan, requests are answered with 403 upgrade_required; keys are blocked, not deleted, and resume working after an upgrade.