Summary and recommendation
Gladly exposes a REST API at `https://{org}.gladly.com/api/v1` authenticated via HTTP Basic Auth - Base64-encode `{token_id}:{token_secret}` and pass it as the `Authorization: Basic` header on every request. API tokens inherit the permissions of the creating user; only Admin-level tokens can execute agent management operations (create, update, deactivate).
The token secret is shown exactly once at creation and cannot be retrieved afterward - store it in a secrets manager immediately.
There is no native SCIM 2.0 endpoint; automated identity lifecycle management requires direct REST integration or a middleware layer, and is a core use case for an identity graph that maps Gladly agent IDs to canonical user records across your IdP and HR systems.
API quick reference
| Has user API | Yes |
| Auth method | HTTP Basic Auth (API token as username, API secret as password, Base64-encoded) |
| Base URL | Official docs |
| SCIM available | No |
| SCIM plan required | Enterprise |
Authentication
Auth method: HTTP Basic Auth (API token as username, API secret as password, Base64-encoded)
Setup steps
- Log in to Gladly as an Admin.
- Navigate to Settings > API Tokens.
- Create a new API token; record the token ID and secret immediately (secret is shown once).
- Base64-encode the string '{token_id}:{token_secret}'.
- Pass the encoded value in the Authorization header as 'Basic {encoded_value}' on every request.
- Optionally restrict the token to specific IP ranges in the token settings.
Required scopes
| Scope | Description | Required for |
|---|---|---|
| Admin role required | API tokens are scoped to the Gladly role of the user who creates them; Admin-level tokens are required for user/agent management operations. | Creating, updating, deactivating agents |
User object / data model
| Field | Type | Description | On create | On update | Notes |
|---|---|---|---|---|---|
| id | string | Unique Gladly agent ID (UUID) | system-generated | immutable | Used as path parameter for update/deactivate operations. |
| emailAddress | string | Agent's login email address | required | optional | Must be unique within the organization. |
| name | string | Full display name of the agent | required | optional | |
| role | string (enum) | Agent role: AGENT, TEAM_LEAD, ADMIN, ANALYST, TASK | required | optional | Determines API access level and billing category. |
| agentProfile | object | Profile details including bio and avatar URL | optional | optional | |
| inboxes | array of strings | List of inbox IDs the agent is assigned to | optional | optional | Inbox IDs must exist prior to assignment. |
| teams | array of strings | List of team IDs the agent belongs to | optional | optional | |
| active | boolean | Whether the agent account is active | defaults to true | optional | Set to false to deactivate; Gladly does not support hard-delete of agents. |
| phoneNumber | string | Agent's phone number for voice channel | optional | optional | |
| externalId | string | External identifier for mapping to external HR/IdP systems | optional | optional | Useful for provisioning integrations. |
| createdAt | ISO 8601 datetime | Timestamp when agent was created | system-generated | immutable | |
| updatedAt | ISO 8601 datetime | Timestamp of last update | system-generated | system-generated | |
| agentStatus | string (enum) | Current availability status: AVAILABLE, BUSY, AWAY, OFFLINE | system-managed | read-only via API | Cannot be set directly via user management API. |
| language | string | Preferred UI language (BCP 47 code) | optional | optional |
Core endpoints
List Agents
- Method: GET
- URL:
https://{org}.gladly.com/api/v1/agents - Watch out for: Inactive agents are included by default; filter with ?active=true to exclude deactivated accounts.
Request example
GET /api/v1/agents?limit=20&cursor=abc123
Authorization: Basic {base64token}
Response example
{
"items": [{"id":"agt_001","emailAddress":"jane@co.com","name":"Jane Doe","role":"AGENT","active":true}],
"nextCursor": "def456"
}
Get Agent
- Method: GET
- URL:
https://{org}.gladly.com/api/v1/agents/{agentId} - Watch out for: Returns 404 if agent ID does not exist or belongs to a different organization.
Request example
GET /api/v1/agents/agt_001
Authorization: Basic {base64token}
Response example
{
"id": "agt_001",
"emailAddress": "jane@co.com",
"name": "Jane Doe",
"role": "AGENT",
"active": true,
"inboxes": ["inbox_1"]
}
Create Agent
- Method: POST
- URL:
https://{org}.gladly.com/api/v1/agents - Watch out for: A welcome/activation email is sent to the new agent automatically upon creation; no way to suppress this via API.
Request example
POST /api/v1/agents
Content-Type: application/json
{"emailAddress":"new@co.com","name":"New Agent","role":"AGENT"}
Response example
{
"id": "agt_002",
"emailAddress": "new@co.com",
"name": "New Agent",
"role": "AGENT",
"active": true
}
Update Agent
- Method: PATCH
- URL:
https://{org}.gladly.com/api/v1/agents/{agentId} - Watch out for: PATCH replaces array fields (e.g., inboxes, teams) entirely; send the full desired array, not just additions.
Request example
PATCH /api/v1/agents/agt_002
Content-Type: application/json
{"role":"TEAM_LEAD","inboxes":["inbox_1","inbox_2"]}
Response example
{
"id": "agt_002",
"role": "TEAM_LEAD",
"inboxes": ["inbox_1","inbox_2"]
}
Deactivate Agent
- Method: PATCH
- URL:
https://{org}.gladly.com/api/v1/agents/{agentId} - Watch out for: Gladly does not support hard-delete of agents. Deactivation (active=false) is the only offboarding mechanism via API.
Request example
PATCH /api/v1/agents/agt_002
Content-Type: application/json
{"active": false}
Response example
{
"id": "agt_002",
"active": false
}
List Teams
- Method: GET
- URL:
https://{org}.gladly.com/api/v1/teams - Watch out for: Team IDs are required when assigning agents to teams via the agent update endpoint.
Request example
GET /api/v1/teams
Authorization: Basic {base64token}
Response example
{
"items": [{"id":"team_1","name":"Tier 1 Support"}]
}
List Inboxes
- Method: GET
- URL:
https://{org}.gladly.com/api/v1/inboxes - Watch out for: Inbox IDs must be retrieved before assigning agents; there is no lookup-by-name endpoint.
Request example
GET /api/v1/inboxes
Authorization: Basic {base64token}
Response example
{
"items": [{"id":"inbox_1","name":"General Support","channelType":"EMAIL"}]
}
Get Agent Availability
- Method: GET
- URL:
https://{org}.gladly.com/api/v1/agents/{agentId}/availability - Watch out for: Read-only; agent availability cannot be set via the REST API.
Request example
GET /api/v1/agents/agt_001/availability
Authorization: Basic {base64token}
Response example
{
"agentId": "agt_001",
"status": "AVAILABLE",
"updatedAt": "2024-11-01T10:00:00Z"
}
Rate limits, pagination, and events
- Rate limits: Gladly enforces per-organization rate limits on API requests. Official documentation does not publish exact numeric limits publicly.
- Rate-limit headers: Yes
- Retry-After header: Yes
- Rate-limit notes: HTTP 429 is returned when rate limit is exceeded. Retry-After header is included in 429 responses. Gladly recommends exponential backoff.
- Pagination method: cursor
- Default page size: 20
- Max page size: 100
- Pagination pointer: cursor
| Plan | Limit | Concurrent |
|---|---|---|
| All plans | Not publicly documented; contact Gladly support for org-specific limits | 0 |
- Webhooks available: Yes
- Webhook notes: Gladly supports outbound webhooks (called 'Notifications') that POST event payloads to a configured HTTPS endpoint. Webhooks are configured in Settings > Notifications in the Admin UI.
- Alternative event strategy: Polling the /api/v1/agents endpoint for agent change detection if webhook delivery is not suitable.
- Webhook events: conversation.created, conversation.assigned, conversation.closed, conversation.reopened, message.created, agent.created, agent.updated
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Enterprise
- Endpoint: Not documented
Limitations:
- Gladly does not offer a native SCIM 2.0 endpoint as of the latest available documentation.
- SSO via SAML 2.0 is available on Enterprise plans with Okta, Microsoft Entra ID, and Google Workspace.
- Automated provisioning/deprovisioning must be handled via the REST API (agents endpoints) or a middleware integration.
- Enterprise plan is required for SSO; SCIM support is not confirmed even at Enterprise tier.
Common scenarios
Three lifecycle operations cover the majority of integration requirements:
Provision:
GET /api/v1/inboxesandGET /api/v1/teamsto resolve IDs, thenPOST /api/v1/agentswithemailAddress,name,role,inboxes, andteams. A welcome email fires automatically and cannot be suppressed. If the email already exists (including deactivated accounts), the API returns409 Conflict- reactivate viaPATCHinstead of re-creating.Update:
PATCH /api/v1/agents/{agentId}with the newroleand the full desiredinboxesarray. PATCH treats array fields as full replacements, not appends - omitting an existing inbox removes it.Offboard:
PATCH /api/v1/agents/{agentId}with{"active": false}. Hard-delete is not supported; deactivated agents remain in list responses unless filtered with?active=true. If SSO is enabled, revoke the IdP session separately - API deactivation does not terminate active SSO sessions.
Provision a new support agent
- Authenticate using Basic Auth with a valid Admin API token.
- GET /api/v1/inboxes to retrieve the inbox ID(s) to assign the agent to.
- GET /api/v1/teams to retrieve the team ID(s) if team assignment is needed.
- POST /api/v1/agents with emailAddress, name, role, inboxes, and teams in the request body.
- Store the returned agent id for future update or deactivation operations.
- Note: a welcome email is sent to the new agent automatically.
Watch out for: If the email address already exists (even for a deactivated agent), the POST will return a 409 Conflict. Reactivate the existing agent via PATCH instead.
Update agent role and inbox assignments
- Retrieve the agent's id via GET /api/v1/agents or from your internal records.
- GET /api/v1/inboxes to confirm current inbox IDs.
- PATCH /api/v1/agents/{agentId} with the new role value and the full desired inboxes array (not just additions).
- Verify the response reflects the updated role and inbox list.
Watch out for: Sending only the new inbox in the inboxes array will remove all previously assigned inboxes. Always include the full desired set.
Offboard (deactivate) a departing agent
- Retrieve the agent's id via GET /api/v1/agents?emailAddress={email} or from your records.
- PATCH /api/v1/agents/{agentId} with body {"active": false}.
- Confirm the response shows active: false.
- If SSO is enabled, also disable or suspend the user in the IdP (Okta/Entra/Google Workspace) to block login.
Watch out for: Deactivating via the API does not terminate active SSO sessions. Revoke the IdP session separately to ensure immediate access removal.
Why building this yourself is a trap
The absence of SCIM is the primary integration risk: there is no standardized provisioning contract, so any automation you build is coupled to Gladly's proprietary REST schema and subject to undocumented rate limits (HTTP 429 with Retry-After; implement exponential backoff).
Pagination is cursor-based with a default page size of 20 and a maximum of 100 - full agent list traversal requires multiple requests and cursor chaining. Webhooks (agent.created, agent.updated) are available via Settings → Notifications but do not cover deactivation events explicitly, making polling GET /api/v1/agents the safer change-detection strategy for offboarding workflows.
An identity graph is essential here: without a persistent mapping of Gladly agent.id to your IdP's user object and HR system's employee ID, joiner/mover/leaver automation breaks on any email or name change, and the externalId field on the agent object is the recommended anchor for that cross-system linkage.
Automate Gladly workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
