Developers

Build on the NextEAM API.

REST, GraphQL, and webhooks. Tenant-scoped from day one. OpenAPI 3 spec, JS and Python SDKs, reference integrations to SAP FICO and Oracle Fusion. Same API your in-app screens are built on. No shadow surface.

Authentication

Bearer-token + tenant-scoping.

Every request carries two things: an API token in the Authorization header, and a tenant identifier in the X-Tenant-Id header. The backend rejects any request missing either.

API tokens are scoped to a single tenant + user + role. They're generated from the in-app settings page and can be revoked at any time. We never display a token after creation. Copy it into your secret store immediately.

Required headers
Authorization: Bearer YOUR_API_TOKEN
X-Tenant-Id: tnt_01HX0R3F...
Accept: application/json

For service-to-service workloads (e.g. an integration that has no human user), use a tenant service account. Service accounts have their own token rotation policy and audit-log tag.

Code examples

Three flavours, same surface.

curl
curl -X GET https://api.nexteam.me/v1/work-orders \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "X-Tenant-Id: your-tenant-id" \
  -H "Accept: application/json"

Node (TypeScript SDK)
import { NextEAM } from '@nexteam/sdk';

const client = new NextEAM({
  apiKey: process.env.NEXTEAM_API_KEY,
  tenantId: process.env.NEXTEAM_TENANT_ID,
});

const workOrders = await client.workOrders.list({
  status: 'open',
  priority: 'P1',
  limit: 50,
});

console.log(`${workOrders.total} open P1 WOs`);

Python SDK
import os

from nexteam import NextEAM

client = NextEAM(
    api_key=os.environ["NEXTEAM_API_KEY"],
    tenant_id=os.environ["NEXTEAM_TENANT_ID"],
)

work_orders = client.work_orders.list(
    status="open",
    priority="P1",
    limit=50,
)

print(f"{work_orders.total} open P1 WOs")

Webhook delivery (server -> your endpoint)
POST https://your-app.example.com/webhooks/nexteam HTTP/1.1
Content-Type: application/json
X-NextEAM-Signature: sha256=...
X-NextEAM-Event: work_order.completed
X-NextEAM-Delivery: a8f1...

{
  "event": "work_order.completed",
  "tenantId": "tnt_01HX...",
  "data": {
    "workOrderId": "wo_01HY...",
    "completedAt": "2026-05-26T08:14:22.110Z",
    "completedBy": "usr_01HX..."
  }
}

The official SDKs, @nexteam/sdk (npm) and nexteam (PyPI), are published on every release. Use them for type-safe access; fall back to raw curl when scripting or debugging.

Core resources

REST resources, mirrored in GraphQL.

Each resource follows the same conventions: GET for list + read, POST for create, PATCH for partial update, DELETE for hard delete (soft delete is the default behaviour and exposed via ?archived=true).

| Resource | Endpoint | Verbs |
| --- | --- | --- |
| Assets | /v1/assets | GET, POST, PATCH, DELETE |
| Work orders | /v1/work-orders | GET, POST, PATCH, DELETE |
| Preventive maintenance | /v1/pm | GET, POST, PATCH, DELETE |
| Spare parts | /v1/spare-parts | GET, POST, PATCH, DELETE |
| Purchase orders | /v1/purchase-orders | GET, POST, PATCH |
| Vendor invoices | /v1/vendor-invoices | GET, POST, PATCH |
| Contracts | /v1/contracts | GET, POST, PATCH, DELETE |
| Users + roles | /v1/users | GET, POST, PATCH, DELETE |
| Audit logs | /v1/audit-logs | GET (read-only) |
| AI assistant | /v1/assistant/respond | POST (RAG query) |

The complete list (40+ resources) lives in the OpenAPI spec. GraphQL is a 1-to-1 mirror of the REST surface, plus the field-selection benefits.

Webhooks

Events delivered with HMAC signatures.

Subscribe to events via the in-app webhook settings. We sign every delivery with an X-NextEAM-Signature header (HMAC-SHA256 of the request body using your subscription secret). Verify the signature before processing the payload.

We retry failed deliveries with exponential backoff for up to 24 hours, then mark the subscription as failing and notify the tenant admin. Webhook payloads are also available via the /v1/webhook-deliveries endpoint for replay.
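
An added example, not NextEAM's own code: a receiver-side check for the signed delivery described above, in Python. It assumes the digest after `sha256=` is hex-encoded and that retries reuse the same X-NextEAM-Delivery value; the `WebhookReceiver` class, its status codes, and the sample secret, tenant and delivery values are hypothetical.

```python
import hashlib
import hmac
import json

PREFIX = "sha256="  # scheme prefix shown in the sample delivery on this page

def sign(secret: bytes, raw_body: bytes) -> str:
    # Assumption: the digest is hex-encoded; the page only shows "sha256=...".
    return PREFIX + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()

def verify_signature(secret: bytes, raw_body: bytes, header: str) -> bool:
    received = (header or "").strip().lower()
    if not received.startswith(PREFIX):
        return False
    # Constant-time comparison; never compare MACs with ==.
    return hmac.compare_digest(sign(secret, raw_body).encode(), received.encode())

class WebhookReceiver:
    """Hypothetical handler; names and status codes are choices made for this example."""
    def __init__(self, secret: bytes, tenant_id: str):
        self.secret, self.tenant_id = secret, tenant_id
        self.seen = set()  # in-memory for the demo; use a shared store with a TTL

    def handle(self, headers: dict, raw_body: bytes) -> tuple:
        h = {k.lower(): v for k, v in headers.items()}
        # Verify over the exact bytes received, before any JSON parsing.
        if not verify_signature(self.secret, raw_body, h.get("x-nexteam-signature", "")):
            return 401, "bad signature"
        event = json.loads(raw_body)
        if event.get("tenantId") != self.tenant_id:
            return 403, "unexpected tenant"
        # Headers are outside the MAC: the signed body is authoritative.
        if event.get("event") != h.get("x-nexteam-event"):
            return 400, "event header does not match body"
        # The delivery ID is an unsigned header: idempotency for retries only.
        delivery = h.get("x-nexteam-delivery")
        if not delivery:
            return 400, "missing delivery id"
        if delivery in self.seen:
            return 200, "duplicate ignored"
        self.seen.add(delivery)
        return 200, "accepted"

# Constructed sample values, not real NextEAM identifiers or secrets.
SECRET = b"whsec_constructed_example"
BODY = b'{"event":"work_order.completed","tenantId":"tnt_EXAMPLE","data":{"workOrderId":"wo_EXAMPLE"}}'
HEADERS = {"X-NextEAM-Signature": sign(SECRET, BODY),
           "X-NextEAM-Event": "work_order.completed",
           "X-NextEAM-Delivery": "dlv-constructed-1"}
```

Pass the handler the raw request bytes as received; re-serialising parsed JSON changes whitespace and key order and makes a valid signature fail.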

Supported events (subset)

  • work_order.created
  • work_order.assigned
  • work_order.completed
  • work_order.overdue
  • asset.health.declined
  • pm.generated
  • po.approved
  • goods_receipt.matched
  • invitation.accepted
  • incident.reported

Rate limits

Sensible defaults, lift-on-request.

  • Default: Reads 100 req / min; Writes 30 req / min
  • Growth tier: Reads 500 req / min; Writes 150 req / min
  • Enterprise: Reads Negotiated; Writes Negotiated

Every response carries X-RateLimit-Remaining and X-RateLimit-Reset headers. Exceeding the limit returns 429 Too Many Requests with a Retry-After hint. Bulk-import workloads should use the bulk endpoints, which have separate, higher limits. Talk to us before scheduling large backfills.

Reference integrations

Recipes for the systems most customers connect.

  • SAP FICO

    Bidirectional PR/PO sync, cost-centre alignment, and journal-entry posting on WO completion via our REST + webhook framework against SAP BAPI / OData endpoints. Delivered as a scoped integration during onboarding (Growth + Enterprise).

  • Oracle Fusion Cloud

    Cost-centre sync, vendor-master sync, and PR/PO posting via our REST + webhook framework against Fusion REST APIs. Delivered as a scoped integration during onboarding (Growth + Enterprise).

  • Generic REST / webhook

    Build against the REST + webhook surface directly. Examples for Zapier, n8n, and custom Node/Python middleware are in the recipe library.

Building something? Tell us.

Integration partners get an architect to walk through the deployment, technical certification once the integration is reviewed, and joint go-to-market once it's in production.