Skip to main content

Get an api_secret

Every call to the API is authenticated, so the first thing any integration needs is an api_secret. Access is provisioned per organization.
1

Have an admin generate it in the Synthpop UI

An administrator in your organization signs in to app.synthpop.ai and generates (or resets) the api_secret for the environment you’re integrating with. Staging and production have separate secrets.
2

No account yet? Request access

If your organization isn’t provisioned for API access yet — or you don’t have UI access or a Synthpop contact — request access through the contact form. If you already have a Synthpop representative, reach out to them directly; either way they’ll issue an api_secret and confirm which task_type values are enabled for you.
3

Store it safely

Synthpop does not store the secret after it’s shown, and generating a new one immediately invalidates the previous one. Keep it server-side, never commit it, and exchange it for a bearer token rather than sending it on every request. See Authentication.
task_type is provisioned during onboarding — there is no endpoint that lists the types available to you. Your Synthpop contact tells you which are enabled.

Reach the Synthpop team

Contact Synthpop

Get in touch about access, onboarding, provisioning a new task_type, or enabling callbacks and auto-read for your organization.

Your Synthpop contact

Already integrating? Your dedicated Synthpop representative or customer success contact is the fastest path for account-specific questions.

Report an API issue

When something isn’t working as documented, share the details below so the team can trace it quickly. Never include an api_secret or a bearer token in a report.
1

Identify the environment and endpoint

State whether you hit staging (stage.synthpop.ai) or production (app.synthpop.ai), and the exact endpoint and method (for example POST /task/create).
2

Include the Task identifiers

Provide the Task’s Synthpop uuid and/or your external_id. These let the team locate the exact Task without any credentials.
3

Include timing and the response

Add an approximate timestamp (with timezone), the HTTP status code you received, and the response body — redacting any sensitive content.
4

Describe expected vs. actual

Say what you expected and what happened instead. If it’s reproducible, include the minimal request that triggers it.
Do not paste secrets, bearer tokens, or patient information into a support request. The Task uuid / external_id, environment, endpoint, timestamp, and status code are enough for the team to investigate.

Before you reach out

Many questions are already answered in the docs:

FAQ

Access, environments, async results, file types, limits, and SDKs.

Errors

Status codes and error bodies, with what each one means.

Authentication

The api_secret format, token exchange, and the default-deny model.

Async results

Polling, callbacks, and the waiting status.