The public API turns Quoli into a building block. Read and write reviews, questions, and storefront content from your own services, and let Quoli push events to you as they happen. API access is part of the Unlimited plan, and everything lives in Settings, then API.
What teams build with it
Headless storefronts. Pull review data into a custom front end and render stars, counts, and excerpts your way.
Data warehouses and CDPs. Pipe every review and question event into Snowflake, BigQuery, or Segment.
Internal tools. Approve, reply, or hide reviews from the admin your team already lives in.
Create a token
Click Create token.
Name it for the service that will hold it, like "warehouse-sync".
Pick its scopes, only the permissions that job needs.
Copy the token immediately. The full value shows once, at creation, then never again.
[SCREENSHOT: API settings with a token created]
Send the token as a bearer token in the Authorization header on every request. Each token's row shows when it was created and last used, which makes quiet audits easy, and Revoke invalidates one immediately. Tokens never expire on their own, so revoking is the off switch.
Subscribe to webhooks
Click Add webhook.
Enter your endpoint URL.
Pick the events you want, review submitted, review approved, question events, and more.
Quoli sends signed JSON to your endpoint as events happen. Every payload is signed with HMAC-SHA256, so your receiver can verify each one genuinely came from Quoli before trusting it. Edit or remove subscriptions anytime.
Where the full reference lives
Every endpoint, parameter, and payload shape is documented at docs.quoli.app/api. This page is for issuing credentials, the docs are for building.
š” Tip: One token per integration, named for its job. When something needs cutting off, you revoke one consumer instead of rotating a shared secret across everything.