Summary and recommendation
Sketch exposes a REST API at https://api.sketch.cloud/v1 supporting Personal Access Token (Bearer) or OAuth 2.0 authentication.
Member management endpoints cover list, invite, role update, and removal operations scoped to a workspace_id.
The API is cursor-paginated;
page size limits are not publicly documented.
Rate limit thresholds, headers, and Retry-After behavior are also undocumented in official sources - build in conservative retry logic and treat any 429 as indefinite backoff until Sketch publishes explicit limits.
For teams building an identity graph across SaaS tools, the user object surfaces id, email, name, role, status, avatar_url, and created_at
sufficient for join operations against a directory, but no last-active timestamp is available via the REST layer.
API quick reference
| Has user API | Yes |
| Auth method | Personal Access Token (Bearer) or OAuth 2.0 |
| Base URL | Official docs |
| SCIM available | Yes |
| SCIM plan required | Enterprise ($44/editor/mo) |
Authentication
Auth method: Personal Access Token (Bearer) or OAuth 2.0
Setup steps
- Log in to Sketch and navigate to Account Settings.
- Under 'API Tokens', generate a new Personal Access Token.
- Include the token in the Authorization header as: Authorization: Bearer
. - For OAuth 2.0: register an application in the Sketch Developer portal to obtain client_id and client_secret, then follow the authorization code flow.
Required scopes
| Scope | Description | Required for |
|---|---|---|
| workspaces:read | Read workspace metadata and member lists. | List workspace members |
| workspaces:write | Invite, update, or remove workspace members. | Member provisioning and deprovisioning |
| profile | Read the authenticated user's profile information. | Get current user |
User object / data model
| Field | Type | Description | On create | On update | Notes |
|---|---|---|---|---|---|
| id | string | Unique identifier for the member. | system-assigned | immutable | UUID format. |
| string | Email address of the member. | required | not updatable via REST API | Used as the primary identifier for invitations. | |
| name | string | Display name of the member. | optional | updatable | |
| role | string (enum) | Member role within the workspace: admin, editor, viewer. | required | updatable | Viewers are free; editors are billed. |
| avatar_url | string (URL) | URL of the member's avatar image. | system-assigned | not updatable via API | |
| status | string (enum) | Membership status: active, invited, suspended. | system-assigned | read-only via REST | Suspension managed via SCIM on Enterprise plan. |
| created_at | string (ISO 8601) | Timestamp when the member joined the workspace. | system-assigned | immutable |
Core endpoints
Get current authenticated user
- Method: GET
- URL:
https://api.sketch.cloud/v1/me - Watch out for: Returns the token owner's profile only; not a workspace-scoped call.
Request example
GET /v1/me
Authorization: Bearer <token>
Response example
{
"data": {
"id": "uuid-123",
"name": "Jane Doe",
"email": "jane@example.com",
"avatar_url": "https://..."
}
}
List workspace members
- Method: GET
- URL:
https://api.sketch.cloud/v1/workspaces/{workspace_id}/members - Watch out for: Requires workspace admin token. Paginate using the cursor from meta.
Request example
GET /v1/workspaces/ws-abc/members
Authorization: Bearer <token>
Response example
{
"data": [
{"id": "uuid-1", "email": "a@example.com", "role": "editor"}
],
"meta": {"cursor": "next-cursor-token"}
}
Invite member to workspace
- Method: POST
- URL:
https://api.sketch.cloud/v1/workspaces/{workspace_id}/members - Watch out for: Invited users receive an email; they are not active until they accept. Billing applies to editors upon acceptance.
Request example
POST /v1/workspaces/ws-abc/members
Content-Type: application/json
{"email": "new@example.com", "role": "editor"}
Response example
{
"data": {
"id": "uuid-new",
"email": "new@example.com",
"status": "invited",
"role": "editor"
}
}
Update member role
- Method: PATCH
- URL:
https://api.sketch.cloud/v1/workspaces/{workspace_id}/members/{member_id} - Watch out for: Downgrading an editor to viewer reduces billing on next cycle; not immediate.
Request example
PATCH /v1/workspaces/ws-abc/members/uuid-1
Content-Type: application/json
{"role": "viewer"}
Response example
{
"data": {
"id": "uuid-1",
"role": "viewer"
}
}
Remove member from workspace
- Method: DELETE
- URL:
https://api.sketch.cloud/v1/workspaces/{workspace_id}/members/{member_id} - Watch out for: Removal is immediate and irreversible via API. The user loses access to all workspace documents.
Request example
DELETE /v1/workspaces/ws-abc/members/uuid-1
Authorization: Bearer <token>
Response example
HTTP 204 No Content
Get workspace details
- Method: GET
- URL:
https://api.sketch.cloud/v1/workspaces/{workspace_id} - Watch out for: workspace_id must be obtained from the Sketch web app URL or the /me response; not discoverable via a list-workspaces endpoint in public docs.
Request example
GET /v1/workspaces/ws-abc
Authorization: Bearer <token>
Response example
{
"data": {
"id": "ws-abc",
"name": "Acme Design",
"plan": "enterprise"
}
}
Rate limits, pagination, and events
Rate limits: Sketch does not publicly document specific rate limit thresholds in their developer docs as of the policy date.
Rate-limit headers: Unknown
Retry-After header: Unknown
Rate-limit notes: No explicit rate limit values, headers, or Retry-After behavior documented in official sources.
Pagination method: cursor
Default page size: Not documented
Max page size: Not documented
Pagination pointer: cursor
Webhooks available: No
Webhook notes: Sketch does not document a webhook system for user or membership events in their official developer or help center documentation as of the policy date.
Alternative event strategy: Poll the List Workspace Members endpoint to detect membership changes.
SCIM API status
SCIM available: Yes
SCIM version: 2.0
Plan required: Enterprise ($44/editor/mo)
Endpoint: Tenant-specific SCIM base URL provided by Sketch during SSO/SCIM setup in workspace settings (not a static public URL).
Supported operations: Create user (POST /Users), Read user (GET /Users/{id}), List users (GET /Users), Update user (PUT /Users/{id}), Deactivate/suspend user (PATCH /Users/{id} with active=false), Delete user (DELETE /Users/{id})
Limitations:
- SSO must be configured before SCIM can be enabled.
- SCIM endpoint URL is workspace-specific and generated in Sketch settings; not a generic public URL.
- Supported IdPs documented: Okta and Microsoft Entra ID (Azure AD). Google Workspace and OneLogin not officially documented.
- Group provisioning support is not explicitly documented in official Sketch SCIM docs.
- Enterprise plan required; Business plan includes SSO but not SCIM.
Common scenarios
Three integration patterns are well-supported by the available endpoints.
First, onboarding via REST: POST to /v1/workspaces/{workspace_id}/members with email and role;
poll the members list to confirm status transitions from invited to active before treating provisioning as complete - billing for the editor seat starts on acceptance, not on the API call.
Second, deprovisioning at scale via SCIM 2.0 (Enterprise only): configure Okta or Entra ID as the IdP, then let the IdP send PATCH /Users/{id} with active=false on offboarding;
this is the recommended path for automated lifecycle management and is more reliable than REST DELETE for audit trails.
Third, billing optimization via role downgrade: PATCH /v1/workspaces/{workspace_id}/members/{member_id} with role: 'viewer' takes effect immediately for access control, but the billing reduction follows the subscription cycle - do not expect real-time cost impact.
Webhooks are not available;
poll the members list endpoint to detect membership changes.
Onboard a new editor via REST API
- Obtain a Personal Access Token with workspaces:write scope from Account Settings.
- POST to /v1/workspaces/{workspace_id}/members with {email, role: 'editor'}.
- User receives an invitation email; poll GET /v1/workspaces/{workspace_id}/members to confirm status changes from 'invited' to 'active'.
Watch out for: Billing for the editor seat begins upon invitation acceptance, not at the time of the API call.
Deprovision a departing employee via SCIM (Enterprise)
- Ensure SSO and SCIM are configured in Sketch workspace settings (Enterprise plan required).
- In your IdP (Okta or Entra ID), deactivate or unassign the user from the Sketch SCIM application.
- The IdP sends a PATCH /Users/{id} with active=false to the Sketch SCIM endpoint, suspending the user.
- Verify the user's status in Sketch workspace member list.
Watch out for: SCIM deactivation suspends the user; it does not necessarily delete their documents. Confirm data retention policy with workspace admin.
Downgrade an editor to viewer to reduce billing
- Identify the member's UUID via GET /v1/workspaces/{workspace_id}/members.
- Send PATCH /v1/workspaces/{workspace_id}/members/{member_id} with {role: 'viewer'}.
- Confirm the role change in the response; billing reduction applies on the next billing cycle.
Watch out for: Role changes via API are immediate for access purposes but billing adjustments follow the subscription cycle, not real-time.
Why building this yourself is a trap
The primary integration trap is workspace_id discovery: there is no public list-workspaces endpoint, so the workspace_id must be extracted from the Sketch web app URL or parsed from the /me response. Automations that skip this step will fail silently at every subsequent call.
A second trap is conflating REST and SCIM capabilities - the REST member endpoints are suitable for lightweight integrations and identity graph enrichment, but SCIM is the only supported path for IdP-driven lifecycle automation at Enterprise scale. Attempting to replicate SCIM behavior with REST polling introduces race conditions and gaps in the audit trail.
Finally, Personal Access Tokens have no documented expiry; teams building long-running automations must implement manual rotation policies, as there is no token-expiry event or webhook to trigger rotation.
Automate Sketch workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
