What is the Agency API
The Agency API is a set of RESTful endpoints that allow agencies and teams to manage multiple ContentEngine workspaces from a single account. Instead of logging into each client workspace individually, you can create workspaces, provision users, generate content, and pull analytics programmatically through the API. This is essential for agencies managing ten or more clients where manual dashboard work becomes a bottleneck.
The API follows standard REST conventions with JSON request and response bodies, token-based authentication, and predictable resource URLs. Every action you can take in the ContentEngine dashboard is available through the API, plus additional endpoints for bulk operations and cross-workspace reporting that are exclusive to agency accounts. Comprehensive API documentation with interactive examples is available in the developer portal.
Creating your agency account
To access the Agency API, you need an agency-tier ContentEngine account. If you are currently on an individual or team plan, navigate to Settings, then Billing, and upgrade to the Agency plan. The upgrade takes effect immediately and unlocks the Agency section in your dashboard along with API access. Your existing workspaces and content are preserved during the upgrade.
Once on the Agency plan, you will see a new Agency Management section in your dashboard sidebar. This is where you can view all client workspaces, monitor aggregate usage, and manage team members who have access to the agency account. Take a moment to configure your agency profile with your company name and logo, as this branding will appear on any white-labeled reports you generate for clients through the API.
Generating your API key
Navigate to Settings, then API Tokens, and click 'Generate Agency Key.' You will be asked to name the key and select its permission scope. For initial setup, you can grant full access, but for production integrations you should create scoped keys that only have the permissions each integration needs. Each key is shown once at creation time, so copy it immediately and store it in a secure location such as a secrets manager or encrypted vault.
You can generate multiple API keys for different purposes. For example, create one key for your internal automation scripts, another for your project management integration, and a third for your reporting dashboard. This separation makes it easy to rotate or revoke a single key without disrupting your other integrations. All API requests must include the key in the Authorization header using the Bearer token format.
Managing client workspaces via API
The core of the Agency API is workspace management. To create a new client workspace, send a POST request to the workspaces endpoint with the client name, industry, brand voice preferences, and any initial configuration such as connected social accounts or content templates. The API returns a workspace ID that you use in all subsequent requests scoped to that client.
You can list all workspaces, update their settings, archive inactive ones, and transfer ownership between team members through dedicated endpoints. Each workspace operates in isolation, meaning content, analytics, and user permissions in one workspace never leak into another. This isolation is critical for agencies handling competing clients in the same industry. The API also supports bulk operations so you can apply configuration changes or deploy templates across multiple workspaces in a single request.
Tracking usage and credits
The Agency plan includes a pool of credits shared across all client workspaces. Credits are consumed by AI content generation, Brain sessions, analytics processing, and webhook deliveries. The usage endpoint returns a detailed breakdown of credit consumption by workspace, feature, and time period, making it straightforward to attribute costs to individual clients for billing purposes.
Set up usage alerts to avoid unexpected overages. The API allows you to configure threshold notifications that fire when a workspace or the agency as a whole reaches a specified percentage of its credit allocation. You can also set hard caps on individual workspaces to prevent a single client from consuming a disproportionate share of your credit pool. Usage data is available in real time and can be exported as CSV for integration with your accounting or invoicing systems.
Security best practices
Protect your API keys by never embedding them in client-side code, public repositories, or shared documents. Use environment variables or a secrets manager to inject keys at runtime. Rotate your keys on a regular schedule and immediately revoke any key that may have been exposed. ContentEngine logs all API requests with timestamps and source IP addresses, so you can audit access if a security concern arises.
Enable IP allowlisting to restrict API access to known server addresses. This prevents a stolen key from being used outside your infrastructure. For additional security, require all team members with API access to use two-factor authentication on their ContentEngine accounts. Finally, follow the principle of least privilege when creating API keys. A key used only for reading analytics should not have permission to create or delete workspaces. Scoping permissions tightly limits the blast radius of any single compromised credential.