Skip to main content
The API Base URL determines which environment your API requests are sent to.

How Base URLs Are Constructed

Base URL + Endpoint Path = Final Request URL
EnvironmentBase URLExample EndpointFinal Request URL
Staginghttps://external.staging.pleo.io/v2/employeeshttps://external.staging.pleo.io/v2/employees
Productionhttps://external.pleo.io/v2/employeeshttps://external.pleo.io/v2/employees
See: API Reference pages for all API endpoints.

Choosing an Environment

We offer Staging and Production environments.
  • Staging: safe testing, experiments, pre-production validation
  • Production: live data, ready integrations

Authentication

Pleo APIs support multiple authentication methods depending on the integration type.
MethodTypical Use
OAuth 2.0Partner integrations
Integrated API KeysApproved exception only
Standalone API KeysRestricted integrations and specific use cases
All authentication methods work with the External API base URLs shown above.

OAuth 2.0 (Bearer Token)

Partner integrations must use OAuth 2.0. API requests must include the following header: 
Authorization: Bearer <access_token>
Follow the OAuth 2.0 Setup Workflow Guide (Manual Token Lifecycle) to generate an access token.

Integrated API Keys

Upon approval from Pleo, some partner integrations may be permitted to use Integrated API Keys.

Standalone API Keys

Standalone API Keys have restricted availability and are only supported by Pleo’s NEW External APIs. If enabled for your account, follow the Standalone API Key Workflow Guide to create a key and make your first API request. Authentication uses Basic HTTP authentication:
  • API key as the username
  • Empty password
  • Credentials are automatically Base64 encoded

What Comes Next?

Review Integration Requirements

Setup Authentication

FAQs

Legacy APIs (OpenAPI)
  • Base URL: https://openapi.pleo.io
  • Authentication: API tokens (legacy tokens)
  • Availability: Intended for existing/legacy use cases. Access can depend on your account setup and entitlements.
  • Lifecycle: Deprecated. Pleo is working on a deprecation timeline and migration plan.
New APIs (External API)
  • Base URL: https://external.pleo.io
  • Authentication: API keys (and other authentication methods supported by the platform, including OAuth 2.0, depending on the use case)
  • Availability: Restricted access. Documentation may be publicly visible, but access is not broadly enabled by default. Standalone API keys require explicit enablement.
  • What to expect: Newer platform surface and improved structure, but not guaranteed feature parity with legacy APIs yet.
Important:
  • Legacy API tokens will not work on external.pleo.io
  • New API keys will not work on openapi.pleo.io
For more context on Standalone API Keys and environment restrictions, see the Standalone API Keys Overview article.