Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Technical documentation for the Pitchly platform - pitchly.com
Pitchly is a data-driven work platform for business. At Pitchly's core is a human-friendly database. Apps can be plugged into Pitchly databases to do specific work tasks, like creating documents and pitches, online forms, and visualizations automatically from your data.
Pitchly's data-driven approach is unique and fundamentally different from other work platforms in that no work is repetitive. Documents, for example, can be created once and stay automatically up-to-date whenever your business data changes. It's a fundamentally different way of working.
Visit our website to learn more.
Pitchly is popular among enterprise companies. Our clients include law firms, accounting firms, professional service firms, M&A advisors, corporate finance companies, banks, real estate, property management, construction firms, and many others. In many cases, clients have made Pitchly their "single source of truth" for all their company data and assets.
There are two ways you can develop on Pitchly.
Our Client API allows you to interact with your own Pitchly account programmatically
Our App SDK allows you to build installable apps for yourself or others on the Pitchly platform to help do work
In order to get started, you will need App credentials that we can provide you. Contact us to receive these credentials.
A brief introduction to the Pitchly Client API
The Pitchly Client API is meant for situations where you want to interact with your own Pitchly account programmatically, often to integrate with other systems.
We use GraphQL for our core API requests, but fret not - GraphQL is backwards compatible with REST. In the examples ahead, we will share the equivalent REST API calls for easy translation.
In the following sections, we will show you how to:
Generate API Keys to authorize requests to Pitchly's API
Make calls to Pitchly's API endpoints (with REST or GraphQL)
To authorize your application to work with data in Pitchly
API Keys are token credentials that you will pass with every API request to prove who your application is, and to authorize its access to your Pitchly account's data.
To generate API Keys, all you need is a Pitchly account with admin access. These keys only need to be generated once and do not expire, however, you can rotate keys as you wish.
First, go to your Company settings located in the Organization dropdown in the top right of the screen. Then click on API keys.
When the API Keys window appears, click Create new key set.
Give this integration a brief name, description, and the maximum permissions this integration should have with Pitchly. If you're only wanting to read data from a database to display on a website but aren't accepting data into the database via that website, for example, you would select only readData. When you're finished, click Create.
Right after you click Create, you will be shown a new App ID and App Secret. You will include at minimum the App Secret in all of your API calls.
The App Secret will only be displayed this once and will never be displayed again, so save both the App ID and App Secret to a secure location. If you lose your App Secret, you must generate a new one, which you can do by editing a Key Set.
While your App ID may be public, your App Secret should always remain private! This means you should not use it to make API calls from directly within the browser, unless you are okay with anyone who accesses your web page having access to all of your databases. You should only use your App Secret in server-to-server calls from your application to Pitchly, and you should refrain from checking it into source control, and use caution when posting code in public forums.
Now that you have your App ID and App Secret, you can begin using them to make API calls! If you need to change the permissions or details of a Key Set, you can always return to these screens to modify an existing Key Set. You can also rotate your App Secret as often as you'd like.
For when you want to listen to changes to data on Pitchly
Endpoint
Description
Triggers when rows have changed in a database.
Triggers when a database has been updated.
Listens to changes to rows in a database. Use in combination with a data query.
Initiating a subscription does not return data. Instead, it just starts listening for new data as it comes in. In this case, whenever rows change in a database, the new data for each changed row will be received instantly. The data returned by this subscription is identical to the data returned by the data query.
If you're using a GraphQL client, like Apollo, you can use this subscription in combination with the data query to create an always-up-to-date cache of data. See a code example.
Listens to changes to a database, including database fields. Use in combination with a database query.
Triggers when a database is updated. This includes changes to information about the database itself or any of its fields. The data returned by this subscription is identical to the data returned by the database query.
See how to use this subscription in combination with the database query using Apollo.
While API Keys are a quick and convenient way to make API requests from your third-party application in a machine-to-machine setting, sometimes you may want to authorize each user individually with a unique access token for each. This allows you to get the user context for specific users and require each user to authenticate with Pitchly before using Pitchly data in your application.
To get user-specific access tokens, you can use Pitchly's OAuth authorization code flow. OAuth is a global authorization standard for sharing data from one application to another. You can find an example of how this flow generally works here.
Below is a description of each step in the OAuth authorization code flow (and refresh token flow).
This endpoint is triggered by the user opening this page in their browser with the following query parameters in the URL. The user will be presented with the option to authorize your app access to the user's Pitchly account. If approved, your app will receive an authorization code in return. In the next request, you will exchange that code for an actual access token via a server-side call.
GET https://v2.pitchly.net/oauth/authorize
Redirect the user to this URL with the following query parameters to start the OAuth flow. Once the user approves access (or if they have already approved), the user will be redirected to the appropriate redirect URI (specified in the app's configuration) with an authorization code that can be exchanged for an access token.
response_type*
String
"code"
client_id*
String
App ID
redirect_uri
String
One of the redirect URIs provided when you configured your app. Note that it must match exactly. If one is not provided, the first one configured for your app is assumed.
state
String
organization_id
String
If provided, this organization will be selected by default for the user. If the app is already approved for the user on this org, the user will also be immediately redirected back to the app with a valid code. For an app to be approved, an admin must have already allowed the app on the org.
force_prompt
String
If set to "true", "yes", or "1", the user will always be prompted to allow the app, even if organization_id is provided and the app is already approved.
Call this from your application's server side to exchange the authorization code returned by the previous request for an access token. You can then provide this access token in GraphQL API requests in the accessToken variable. When using a user-specific access token, replace all instances of secretKey in your GraphQL requests with accessToken, and provide your access token within it.
Do not call this endpoint from the client side, since the request contains your application's secret key. You should never make your secret key accessible client side.
POST https://v2.pitchly.net/api/oauth/access_token
Call this on your backend to exchange the authorization code acquired from the first step for an access token, which you can use to make GraphQL API requests.
content-type*
String
"application/x-www-form-urlencoded"
accept*
String
"application/json"
grant_type*
String
"authorization_code"
code*
String
The authorization code returned as a query param in the response of the previous request.
client_id*
String
App ID
client_secret*
String
App Secret
This step is optional and only applies if you wish to continue making API calls to Pitchly while the user is offline, or if you would like to continue making API requests without sending the user back through the OAuth flow after the token expires in 2 hours.
Whenever you receive a token-invalid error from a GraphQL API request, call this endpoint to get a new access token and retry the request. You will need a refresh token either from the previous request or from the result following this request.
POST https://v2.pitchly.net/api/oauth/access_token
Call this to exchange a refresh token for a new access token and refresh token.
content-type*
String
"application/x-www-form-urlencoded"
accept*
String
"application/json"
grant_type*
String
"refresh_token"
refresh_token*
String
Refresh token, returned in the previous request or when rerunning this request.
client_id*
String
App ID
client_secret*
String
App Secret
scope
String
If you wish to use OAuth to acquire user-specific access tokens but don't have a sever side to exchange an authorization code for an access token, you can alternatively use the implicit flow to get an access token directly instead of an authorization code.
This method is not recommended if you do have a server side with which you can exchange authorization codes because it is slightly less secure than the authorization code flow described above. This method should only be used if you do not have a server side that can keep a secret, such as in the case of a single-page application (SPA) that does not have a server or a native mobile or desktop app.
To initiate the implicit flow, send the user to this endpoint:
GET https://v2.pitchly.net/oauth/authorize
Redirect the user to this URL with the following query parameters to start the OAuth flow. Once the user approves access (or if they have already approved), the user will be redirected to the appropriate redirect URI (specified in the app's configuration) with an access token.
response_type*
String
"token"
client_id*
String
App ID
redirect_uri
String
One of the redirect URIs provided when you configured your app. Note that it must match exactly. If one is not provided, the first one configured for your app is assumed.
state
String
organization_id
String
If provided, this organization will be selected by default for the user. If the app is already approved for the user on this org, the user will also be immediately redirected back to the app with a valid token. For an app to be approved, an admin must have already allowed the app on the org.
force_prompt
String
If set to "true", "yes", or "1", the user will always be prompted to allow the app, even if organization_id is provided and the app is already approved.
If you do not have a server side, you will not be able to utilize refresh tokens to generate new access tokens once they expire because a secret cannot be kept. Instead, you will need to send the user back through this OAuth flow after the access token expires, so you can receive a new access token. By default, access tokens expire after 2 hours.
A brief overview of what Apps are on Pitchly, and how to create them.
In Pitchly, Apps are used to perform specific work tasks using data. You can either make an App for yourself or share it with others, in which case you will enable other companies on the Pitchly platform to be more successful and efficient using your App.
In general, Apps are installed on an organization in Pitchly and work with data inside the databases of that organization, up to the permissions allowed for that App.
The process to create an App on Pitchly is pretty straightforward. There are three main steps:
Register your App on Pitchly
Generate an access token over our REST API
Get resources, like data, from the user's account over our GraphQL API
If you are building a web app inside Pitchly, you can safely skip step #2 because we handle access token generation and renewal for you automatically via our JavaScript SDK. We will try to make the remaining steps as easy as possible.
There are conceptually three different kinds of Apps you can build in Pitchly, depending on where you want your App to live. The three are:
Inside Apps
Outside Apps (coming soon)
Hybrid Apps (coming soon)
Inside Apps "live" inside the Pitchly platform and are shown to the user via an iframe, side by side with their database, but your App is hosted elsewhere.
Outside Apps live primarily on your own website or web page but connect with users' Pitchly accounts via a Pitchly Connect button.
Hybrid Apps are simply a combination of both strategies, which gives you the ability to both enhance your existing web app or product with Pitchly support and have your App available at a moment's notice to users working inside their Pitchly account.
To create an App on Pitchly, you must first register your App with the Pitchly platform, so we know things like your App's name and where to look for your App. This will also generate a unique App ID and App Secret, which you can then use to communicate with Pitchly's APIs.
A random string that will be returned back to your redirect URI as a query parameter. If the returned state matches the state originally used at the start of the OAuth flow, you can validate that the request has not been forged (see ).
A space-delimited list of permissions to downscope the resulting access token to. Note that the refresh token will still possess full permissions and can be used to generate more access tokens with elevated permissions, but the access token returned in this request will be downscoped, allowing you to pass it to a client with limited permissions. Possible values are: readData, insertData, updateData, deleteData, addFields, and readMembers (see for details). By default, not providing a scope will fall back to full permissions allowed for the app.
A random string that will be returned back to your redirect URI as a query parameter. If the returned state matches the state originally used at the start of the OAuth flow, you can validate that the request has not been forged (see ).
If you are looking to interact only with your own Pitchly account programmatically for the purpose of integrating with other systems, you may be looking for our instead.
Third-party Apps are currently subject to review, so we don't allow public registration. Please directly if you would like to register your App with Pitchly.
Read on to learn how to generate access tokens using .
Once you have an access token, you can now use it to get (and push) data to/from Pitchly.
GraphQL is a fairly new API framework that replaces the more common REST API. It was developed by Facebook to better handle data distribution at scale. We chose to use GraphQL for several of our own reasons:
Built-in subscription support enables Apps to get data in real time, a key design principle in Pitchly.
You can choose exactly the data you want to receive, spanning several possible data sets, in total fewer network requests.
It uses a single endpoint, creating less breaking changes, allowing for incremental adoptability and better version control.
If you are developing your App using a modern web application framework, we recommend using Apollo Client to work with our GraphQL API.
If you are not developing your App using a modern web application framework, you can still make calls to our GraphQL API over REST. This is because, at its core, GraphQL is really an abstraction over HTTP calls. It is a structured query language that gets sent over an HTTP request, just like REST, except the query is put inside the body of the request. Without a framework, like Apollo Client, however, you won't have the added perks of a client-side cache or automatic subscription updates.
Apollo Client is compatible with several major frontend web frameworks, including React, Vue.js, Meteor, Angular, Ember, as well as native mobile on iOS and Android. You can get real snazzy with it, but we're just going to show a dirt basic example to start. The examples below are compatible with any frontend JavaScript framework you choose.
Let's get information about the current database:
We will get back several properties of the database, including its name, description, color, and all of its fields, in the form of a Promise.
This is great for a one-time query, but it only gives us a snapshot into a particular database on Pitchly in that moment. What if I want to be notified whenever the database changes?
Subscriptions are a feature of GraphQL that allow you to receive notifications of data changes on Pitchly as soon as they happen, over websockets.
We'll need just a few more NPM packages (we've included the ones above again):
We need to make some changes to the ApolloClient:
Next, we will re-use the same query we initially had, but this time, we want to watch it change as new data from the subscription comes in. This will require two calls: one to the query and one to a subscription.
There are understandably a few confusing things here, so let's break it down.
There are two main differences between a query and a subscription:
A query retrieves a particular set of data.
A subscription is just a listener. It does not request any data when first connected, but only opens up a connection to get new data.
To make things even more interesting, there are also two different types of queries:
A normal query makes a single request and gets back a single response.
A watched query acts as a long-term "living" query, capable of long-term tasks like receiving subscription updates, refetches with updated variables, and continuous pagination.
One important thing to know about Apollo is that queries do not hold the data they request in isolation. Under every query, subscription, and mutation is a single global cache that houses all requested data. The cache serves as a single source of truth for all requested API data, regardless of which query requested it.
The Apollo cache is global and semi-persistent, but don't confuse this with your browser's cache. Apollo's cache only lives inside the page session and does not carry across page reloads.
Subscriptions are able to function because the call to the subscription automatically "pulls down" updates into the Apollo cache when updated data arrives. Every watched query which uses that same data will automatically "pull up" the update from the cache.
You may have noticed a lot of subscribes floating around. Well, they're not all related to subscriptions.
An unfortunate choice of the makers of Apollo was to use the same method name for both creating GraphQL subscriptions and subscribing to their results from the Apollo cache. The first is a client-server intraction, while the latter is a client-client cache interaction.
Both client.watchQuery and client.subscribe methods return an Observable, which represents that query or subscription and the data it uses in the cache. When something changes to the data that query or subscription represents, you can capture that update by subscribing to its Observable. For subscriptions, subscribing to the Observable is necessary to tell Apollo you are interested in that data.
In addition to querying data, you can also perform actions against the Observable, such as refetching with different variables, checking load status, and paginating.
Mutations are used whenever you want to "post" data to Pitchly, such as when you want to insert a row to a database. Mutations are very similar to queries in that they run once and return a Promise, but they also have some additional options.
This example will return the new row's _id and cols.
Mutations can do some unique things, like Optimistic UI, to keep latency at a minimum. But if you are using subscriptions, all of your queries using the affected data will be updated at near real time automatically after your mutation affects the relevant data, resulting in a positive UI loop. This makes for a very quick and seamless real-time experience for not only the user updating the data, but also for all other users viewing the same data. And it ensures that no user ever acts on data that is out of date.
If you would like to get the loading status of a query with Apollo, perhaps to show a loading indicator, you can use the next function in combination with notifyOnNetworkStatusChange: true.
Note that subscribe here is not related to Subscriptions, but rather it "subscribes" to an Observer.
In addition to detecting the load status of a watched query, next can also be used to capture subscription updates, depending on your use case. Learn more.
You can forcibly re-run a query by using refetch.
This will make a new network request to Pitchly using the new variables for the query. The variables object that is passed to refetch is completely optional, and refetch can be called alone to simply re-run the query with the existing variables intact.
Common use cases for refetch are:
You are not using subscriptions and would like to manually re-query on an event or interval (if you are refetching on an interval, consider using pollInterval instead.)
The access token, or another parameter, has changed and you need to update it
You need to re-capture a set of data for which there is no subscription
Caching in Apollo can be useful when dealing with repetitive queries against the same data. But sometimes it can make things difficult to debug, or Apollo may think you have all the data for an object because it already exists in the cache, when really you don't have all the data you need. If you're making a request for the same object but can't see the new data come in past the data you previously queried for, caching may be your issue.
There are several solutions, but a simple one is to change the caching behavior of a query by changing its fetchPolicy. Just add it as an additional parameter to the query.
Possible options are:
cache-first
cache-and-network
network-only
cache-only
no-cache
standby
Read about each type of fetchPolicy here.
fetchPolicy can be applied to watchQuery, query, mutate, and subscribe operations.
Pagination can be achieved without much manual effort using Apollo's fetchMore function. Call fetchMore the moment you would like to get more results.
Subscriptions in Apollo are, by default, pretty smart. In most cases, they will merge new data into Apollo's cache for you, giving all your existing queries access to the new data automatically. But there are a few cases where this won't work:
The data coming from the subscription doesn't match the format of the data in the cache
A range of data was queried and a new row of data was created. We've been told about the new row, but we don't know where it is in relation to other rows (does it fit inside the range?)
Something new was created and we want to add it to our cache, but we didn't have a query for it previously because it didn't exist yet!
In these cases, either one of these two methods can help to update existing queries with new data:
Using refetch simply runs the entire query again whenever we get notice from the subscription that something has changed. This method has pros and cons.
Pros:
Simplest way to keep data in sync
Maintains original sort order when getting an array of data
Automatically handles insertions and deletions
Cons:
Not very efficient, downloads entire results again and doubles network requests
Not suited for large or growing data sets (i.e. using infinite scroll). When querying a list of rows in a database, for example, you may not even be able to do a full refetch if you have used pagination to load more than the return limit (currently 100 rows at a time).
subscribeToMore is similar to fetchMore for pagination, except it can run multiple times for each update instead of only once, and is triggered by receipt of an update versus when you call it. It, too, has advantages and disadvantages.
Pros:
Fine-grained control over how the subscription updates the Apollo cache
Very efficient, does not make extraneous network requests, uses what it receives
Suited for large and growing data sets (i.e. using infinite scroll)
Cons:
More complicated to set up, subscription data (including insertions and deletions) must be merged manually
Doesn't maintain original sort order (hard to know where new items go)
Below is a real-world example of code we used in our Documents App to update documents with data in real time while also having infinite scroll through the use of fetchMore. We additionally use Underscore.js and Meteor's client-side Collections here.
Pitchly supports query batching on all GraphQL API calls. Query batching allows multiple queries to be sent in a single request if they are executed very close together, saving valuable load time. This means that if you render several components, for example a navbar, sidebar, and content, and each of those do their own GraphQL query, they will all be sent in one roundtrip. In Apollo, it is very easy to enable query batching.
In your ApolloClient setup, replace the following section of code:
with:
Also make sure to install the NPM package:
See the Apollo Guide for more options around query batching.
Whether you're creating an app on Pitchly for your own organization, other organizations, or you're wanting to work with your own organization's data programmatically using Pitchly's Client API, you will be using the same GraphQL endpoints to work with data.
Keep in mind that you can make calls to Pitchly's GraphQL API over REST if you choose, as GraphQL is only a specification, not a library. While tools like Apollo offer tooling to help developers make sophisticated web apps using GraphQL, no libraries or frameworks are required to work with Pitchly's GraphQL API. The only requirement is the ability to make HTTP requests using POST.
For your convenience, we've translated each GraphQL API call example into its REST counterpart so you can choose which technology you would like to use with Pitchly.
Click here for details on Pitchly's API endpoints.
Pitchly API reference
Since Pitchly uses GraphQL for its API, every request is routed to a single URL endpoint.
Since REST is backwards compatible with GraphQL, if you would rather use REST, you can do so by:
Sending all requests to the same URL above
Using the POST method for all requests
Setting the Content-Type header of the request to application/json
Putting the REST-equivalent JSON from each example in the Body of the request
Each example provided in this documentation reference will show both a GraphQL version of the request and an equivalent REST version. The result that follows the request will be the same for each.
For every request, you will include the App Secret you made in the previous section in the Body of your request as the parameter secretKey. The following sections will demonstrate where to include your secretKey.
Remember to keep your App Secret private, or bad things could happen!
For our fellow developers, we've enabled GraphQL Playground on Pitchly so you can test and debug your API requests without writing any code.
At a high level, there are three types of requests you can make with Pitchly's API:
Queries (for pulling data from Pitchly)
Mutations (for pushing data to Pitchly)
Subscriptions (for listening to changes to data in Pitchly)
Pitchly is a powerful platform for data management, collaboration, and workflow building. But in order for it to succeed at all three, it requires a set of common product principles on which not only our platform is built, but all Apps should adhere to as well while providing value to users.
One of the biggest benefits of Pitchly over other software vendors is its real-time nature. We believe with the emergence of web technologies, like WebSockets, there is an opportunity to solve two problems that have been hard to solve for databases as long as they've existed:
Keeping data in sync across an entire business, making sure no one acts on out-of-date information
Preventing conflicting information from overwriting data someone else has entered
Making your App function in real time, where it makes sense, contributes to our mission of making business tools easier to use, and as a result, making those businesses more productive because they can trust the data in Pitchly (and your App) is always accurate.
Pitchly, as a platform, covers the permissions that organizations can set to restrict who has access to what data in their databases. But it may not cover the permissions you want to give users in your App.
Our Documents App, for example, has a special "design" permission, specific to Documents, that allows Pitchly admins to choose who has the ability to create new document templates. But this permission only exists relative to that App. Other Apps will likely have their own permissions to enforce.
It is on you to examine the users in an organization (which can be done via our GraphQL API) to determine who should be able to do what inside your App. If you want, you can align your permissions with Pitchly user roles, to say for example, "only Pitchly admins should be able to do X." Or you can create your own logic, saving the individual userId with your App-related permission in your own database.
The choice is up to you, but we recommend making sure the users of your App are informed of the permissions they have selected. Controlling who has access to what company data is particularly important, and our clients trust us to do what's right with it.
During mobile app development, you are often given standardized UI components with which you can build your app. They give your app a certain look and feel that is consistent with the rest of the operating system, resulting in an overall positive user experience as the user switches between your app and other apps or the home screen.
Web development doesn't really have that standard toolkit by default. Well, it does, but it sucks. Because of this, we have created a standard UI library that includes all the components you might want to use in your App, such as lightboxes, popups, tooltips, toasts, buttons, dropdowns, etc.
We highly recommend you use these components while building Pitchly-facing Apps inside our platform, to ensure users have a consistent and pleasant experience.
For when you want to pull data from Pitchly
Endpoint
Description
Get all the databases that belong to an organization.
Get information about a specific database.
Get data rows from a database.
Get the number of rows in a result.
Get images and PPT asset for selected rows.
Gets all the databases that belong to an organization. If docDbOnly is true, then only databases that have the Documents app installed will be returned.
In the Body of the request:
With GraphQL, you can narrow down the properties you wish to receive in the result, such as only the fields in the tables, or even just the name and _id. filters and templates, however, may require some more explanation.
filters is an array of "Saved Filters" that have been saved in your Pitchly account in the left-hand pane to a database. It returns the name of the filter and the filter object that you can pass directly to the data query to load results matching that filter.
templates is an array of templates that live in the Documents app for this database. The path of the template is a string value containing the stringified path to the template in the directory structure in the Documents app, where each folder is separated by " > ". For example, a template called "Foo" in the folder "Bar" would read Bar > Foo. If the template is at the root directory, it would just read, Foo. The name property simply contains the name of the template, the equivalent of the last name shown in the path.
Returns an array of databases in the specified organization. Each database has an _id, name, and an array of fields. See the meaning of each field's properties here, and more information about field types.
Gets information about a specific database, including its fields.
In the Body of the request:
Returns the specified database. The database has an _id, name, and an array of fields. See the meaning of each field's properties here, and more information about field types.
Gets data from a database.
In the Body of the request:
Returns an array of rows. Each row has an _id and cols for each column/field of data in the row. The data in each column can differ based on field type, but generally those variations will take place within the value object. When value is an object, it is guaranteed to at least always have a val property.
When a value is empty, value may either be null (indicates "not set"), or value may be an object where val itself is null (indicates "intentionally empty"). Read more about empty values.
You can also find all of the expected value object formats for each data type here.
The sample query above may work fine for very simple queries, but the data endpoint allows us to pass many more options to query very specific information. Below is a list of optional variables the data endpoint additionally accepts, beside a secretKey and databaseId.
Variable
Type
Description
filter
object
Narrows rows by specifying filter criteria
sort
object
Sorts rows in ascending or descending order by field ID, in the order specified
limit
number
The maximum number of rows to return (default = 100)
skip
number
Skips the first N number of rows in the result set (useful for pagination)
in
array
Limit resulting rows to the row IDs specified in this array
fields
array
Only return the fields in each row specified in this array of field IDs
removedAt
boolean
Only returns rows in the trash
search
string
Specifies a global search string where , is interpreted as and and | is interpreted as an or
modifiedSince
string
Filters rows to only those created or updated since the date specified. Must be in the following format:
Get rows where ID equals "order-2883"
Get rows in Orders where the Client's Name either contains "Michael" or "John". Note that the Client is a reference to the "Clients" database, which contains a field called "Name". Pitchly is unique in that you can filter data relationally, not unlike a traditional SQL database. The below pattern is also recursive, so you can filter across more than one table or relationship.
Since different field types accept different filter parameters, here is a list of all the possible filter parameters for each field type. They can be used within the filters array.
Sort by Order Amount in descending order, and then by ID in ascending order, yielding the highest priced orders first, and for orders of the same amount, sorted by the order ID alphabetically.
1 = ascending; -1 = descending; order of fields determines sort priority
Only return at most the two rows identified by the following row IDs.
This can be used in combination with filter, limit, etc. to further isolate the desired rows. If a row is specified using in but it doesn't pass a given filter, or it exceeds the max number of rows in the result set (specified by limit), the row will be excluded from the result.
If one of the row IDs does not exist in the database, an error will not be thrown. The result will not include any rows that are not actually in the database.
For each row in Orders, only return the ID and Client fields.
No more than 100 rows can be returned at a time. To return more, you should use skip and limit to paginate through results.
Gets images and PPT assets for each row in a database.
Variables:
In the Body of the request:
Returns an array of rows. Each row has an _id and an array oftemplates for each row of data.
The sample query above may work fine for very simple queries, but the content endpoint allows us to pass many more options to query very specific information. Below is a list of optional variables the content endpoint additionally accepts, beside a secretKey and databaseId.
Variable
Type
Description
filter
object
Narrows rows by specifying filter criteria
sort
object
Sorts rows in ascending or descending order by field ID, in the order specified
limit
number
The maximum number of rows to return (default = 100)
skip
number
Skips the first N number of rows in the result set (useful for pagination)
in
array
Limit resulting rows to the row IDs specified in this array
search
string
Specifies a global search string where , is interpreted as and and | is interpreted as an or
templatePaths
array of string
Specifies one or more templatePaths as returned by the database or databases endpoints. The returned rows will exactly match only these paths. Omitting this variable or supplying an empty array will return each row with all available templates.
modifiedSince
string
Filters rows to only those created or updated since the date specified. Must be in the following format:
Get rows where ID equals "order-2883"
Since different field types accept different filter parameters, here is a list of all the possible filter parameters for each field type. They can be used within the filters array.
Sort by Order Amount in descending order, and then by ID in ascending order, yielding the highest priced orders first, and for orders of the same amount, sorted by the order ID alphabetically.
1 = ascending; -1 = descending; order of fields determines sort priority
Only return at most the two rows identified by the following row IDs.
This can be used in combination with filter, limit, etc. to further isolate the desired rows. If a row is specified using in but it doesn't pass a given filter, or it exceeds the max number of rows in the result set (specified by limit), the row will be excluded from the result.
If one of the row IDs does not exist in the database, an error will not be thrown. The result will not include any rows that are not actually in the database.
No more than 100 rows can be returned at a time. To return more, you should use skip and limit to paginate through results.
Gets the total number of rows in a database, optionally filtered.
In the Body of the request:
Returns the number of rows in the database, or if filter or in are specified, the number of rows in the result, not subject to a limit.
When getting information about the fields in a database using either the database or databases endpoints, the following properties will be returned for each field. A description of each property can be found below.
Field property
Return type
Description
_id
string
The ID of the field
name
string
The name of the field
type
string
primary
boolean | null
True if this field is the primary field in the database
required
boolean | null
True if this field is required
restrict
array | null
If field type is enum or enumTags, an array of all possible values
database
string | null
If field type is ref or refMultiple, the ID of the database this field refers to
Each field in a database can be one of the following types. Note that the programmatic name is different than the user-facing name for each type. The programmatic name is used throughout Pitchly's APIs, while the user-facing name is what the user sees through Pitchly's interface. Examples are representative of the value object returned for each field in each row when getting data via the data endpoint.
Field type
User-facing name
Description & example
string
Single-line text
Short single-line text
{ val: "foo" }
textBlock
Multi-line text
Long multi-line text
{ val: "foo\nbar" }
number
Number
Number w/ possible decimal
{ val: 12.5 }
boolean
Yes/No
Binary true/false value
{ val: false }
date
Date
Date in ISO 8601 Extended format (with zeroed UTC time)
{ val: "2020-01-23T00:00:00.000Z" }
currency
Currency
{ val: 50, currency: "USD" }
attachment
Attachment
File attachment of any type (size given in bytes)
{ val: "<URL>", size: 78358, type: "image/jpeg" }
enum
Dropdown
A single value selected from a dropdown of predefined values
{ val: "Las Vegas" }
enumTags
Dropdown multiple
Multiple values selected from a dropdown of predefined values
{ val: ["Los Angeles", "Las Vegas", "San Francisco"] }
ref
Reference
Refers to a row from another database, by row ID
{ val: "TG9PmpmHFiWhe7qDE", _label: "Michael" }
refMultiple
Reference multiple
Refers to multiple rows from another database, by row ID
{ val: ["FhG...", "L6Q..."], _label: ["John", "Sandy"] }
The row IDs that are saved in reference fields refer to Pitchly's internal and unchangeable row ID for every row. This ID is globally unique to Pitchly, automatically generated, and is not readily exposed to users or defined by users of Pitchly.
Remember that these row IDs are present in the database being referenced by the ref or refMultiple field containing this value, specified by the database property of the ref field.
_label is a convenient display-friendly version of each row being referenced based on the value of the primary field in the referenced row, returned as a string. If no primary field is set in the referenced database, _label will become the row ID itself.
Empty values can be represented one of two ways:
{ fieldId: "...", value: null }
{ fieldId: "...", value: { val: null } }
The first is when the value is considered "not set," which implies the value was empty when inserted into Pitchly and has never been changed. The second is when the value is "intentionally empty," which means it was set to empty intentionally. Once a value is made "intentionally empty," it cannot become "not set" again.
Note that in the second scenario, val will always be null regardless of the data type. If no values are selected in a Dropdown Multiple, for example, null will be returned instead of an empty array. Empty strings will also be automatically converted to null. This way, it is not necessary to know the data type of every field to check whether a value is empty.
Every field type can also potentially be empty, including boolean fields. Required fields may also contain empty values under certain circumstances.
Depending on the data type of a field, different filter options are available. At a filter's core is an object usually consisting of a by property, and usually a value or a slight varation thereof. Below is a list of possible filters for each data type.
{ by: "is", value: "foo" }
{ by: "is-not", value: "foo" }
{ by: "starts-with", value: "foo" }
{ by: "ends-with", value: "foo" }
{ by: "contains", value: "foo" }
{ by: "does-not-contain", value: "foo" }
{ by: "has-any-value" }
{ by: "is-empty" }
{ by: "is-not-set" }
Currently, starts-with, ends-with, contains, and does-not-contain are case insensitive, while is and is-not are case sensitive.
{ by: "is", value: 5 }
{ by: "is-not", value: 5 }
{ by: "is-more-than", value: 5 }
{ by: "is-less-than", value: 5 }
{ by: "is-between", value: { val1: 5, val2: 10 } }
{ by: "has-any-value" }
{ by: "is-empty" }
{ by: "is-not-set" }
{ by: "is-true" }
{ by: "is-false" }
{ by: "has-any-value" }
{ by: "is-empty" }
{ by: "is-not-set" }
{ by: "on", value: "2020-01-23T00:00:00.000Z" }
{ by: "after", value: "2020-01-23T00:00:00.000Z" }
{ by: "before", value: "2020-01-23T00:00:00.000Z" }
{ by: "between", value: { val1: "2020-01-23T00:00:00.000Z", val2: "2020-02-23T00:00:00.000Z" } }
{ by: "has-any-value" }
{ by: "is-empty" }
{ by: "is-not-set" }
{ by: "is", value: 5, currency: "USD" }
{ by: "is-not", value: 5, currency: "USD" }
{ by: "is-more-than", value: 5, currency: "USD" }
{ by: "is-less-than", value: 5, currency: "USD" }
{ by: "is-between", value: { val1: 5, val2: 10 }, currency: "USD" }
{ by: "has-any-value" }
{ by: "is-empty" }
{ by: "is-not-set" }
See all currency types
{ by: "has-any-value" }
{ by: "is-empty" }
{ by: "is-not-set" }
{ values: ["Houston", "Atlanta"], otherValues: ["is-empty", "is-not-set"] }
Every app on Pitchly has a set of permissions that allow it to perform certain actions, no matter whether the app is made to do work on your own organization or on behalf of another. Requesting only the permissions your app needs is a great way to prevent accidental damage if your app tries to do something unintended, or if your app becomes compromised.
Below is a list of all the possible permissions an app can have in Pitchly. If you are building an app that is installable by other organizations, keep in mind that admins of those organizations will be prompted to accept your requested permissions before installing your app. More permissions could lessen the chances that an organization uses your app.
Permission
Description
readData
Allows the App to read data from databases in an organization.
insertData
Allows the App to insert new records into a database.
updateData
Allows the App to update existing records in a database.
deleteData
Allows the App to delete existing records from a database.
addFields
Allows the App to add fields to the structure of a database.
readMembers
Allows the App to read information about users in an organization.
If you are using the Client API to interact with your own data using Pitchly's API, you can specify the maximum permissions that belong to your Key Set (or App). This allows you to restrict what applications using your App Secret can do in Pitchly.
This can be found in in the top right corner of your Pitchly account in the Organization menu > Company settings > API keys > Create new key set or by editing an existing Key Set.
If you have any questions about permissions, how your data can be used by apps, or how to provision the appropriate permissions to access your own data using Pitchly's API, give us a shout.
Advanced guides for advanced usages
Pitchly's JavaScript SDK makes it easy to generate access tokens when accessing data on behalf of another organization, but when using the SDK isn't possible, you can still generate access tokens through direct HTTP requests instead.
For certain applications, continual access to data is necessary, even when its users are offline or not logged into Pitchly. One example of this is Pitchly's own Forms app. Forms, for example, must have access to a database's fields even when all users are logged out of the Pitchly platform in order to continue serving forms to outside visitors. To make this possible, particular tokens can be used to generate new access tokens after old ones have expired, without the need for user involvement.
For when you want to push data to Pitchly
Returns the ID of the new row.
Note that only the cols included in the request will be updated. Any others not included in the request will stay the same and not be updated.
In the Body of the request:
Returns the ID of the updated row.
Conditionally insert or update a row in a database, depending on whether the row already exists. Unlike insert and update operations, this endpoint requires a matchFields parameter, which is an array of field IDs you wish to match against.
If you provide row data that matches an existing row in the fields specified in matchFields, the row will be updated. If no rows match the values in the fields specified in matchFields, the row provided will be inserted into the database.
If more than one row matches, an error will be thrown instead of updating all of the matching rows. This behavior was chosen to limit the potential damage of a widespread update.
Note that matchFields must contain the IDs of the fields you wish to match against, and not their names.
Also note that any fields specified in matchFields must be present in the data and also cannot be empty.
In the Body of the request:
Returns the ID of the new row (if inserted), or the ID of the existing row that was updated.
Deletes a specific row/record from a database.
In the Body of the request:
Returns true if deletion was successful.
To make a value "intentionally empty," set val in the value object to null:
When inserting a row, you can also make a value "not set" by simply excluding that field from the row. When updating a row, any field that is not included will not be updated. And empty strings or empty arrays (for fields that accept strings or arrays) will automatically be converted to null.
Any data type can be set to empty, except fields that are "required." Fields can be made required via the Pitchly interface when editing a database. Required fields must have a non-empty value and are enforced whenever inserting or updating rows. Required fields are only enforced on fields specified in an insert or update. Fields that are not included in the request will not be enforced.
Note that there are still several situations where a row may contain an empty value in a field that is required. Here are some scenarios:
The value was empty prior to the field becoming required
The value was inserted during a bulk CSV import (to prevent partial failures)
The field was not specified during insertion
The field was created after the rows were already inserted
A row that is referenced by another field is deleted, causing the referencing field to turn empty
For these reasons, it is not completely safe to assume that all values in a field will not be empty if the field is required, since required fields must strike a balance between utility and ease-of-use. We think of "required" as a flag that informs users and apps when a field should have a non-empty value. The field will be reasonably validated to ensure the value isn't intentionally empty at time of input, but it should be used more as a visual cue than a strict persistent enforcement scheme.
Date values in the following formats will be accepted:
2020-01-23T00:00:00.000Z (ISO 8601 format - time will be stripped)
M-D-YYYY
M-D-YY
YYYY-M-D
M/D/YYYY
M/D/YY
YYYY/M/D
M.D.YYYY
M.D.YY
YYYY.M.D
Pitchly currently supports the following currency types by code.
The data type of the field. Can be one of .
Currency amount & 3-char currency code ()
Inserts a row/record into a database. The row can have any number of cols for each column. Only a fieldId and value must be provided for each column. value could look different depending on the .
Updates a specific row/record in a database. The new row can have any number of cols for each updated column. Only a fieldId and value must be provided for each column. value could look different depending on the .
When inserting or updating data rows, the value object that you will set for each column of data will largely be the same as the output you receive when . But there are some minor differences, mostly with attachment, ref, and refMultiple fields. Below is a list of all field types and their equivalent expected value object examples when inserting or updating row values.
Regardless of the date format entered, dates will always be returned in ISO 8601 format with a zeroed out UTC time when .
If you see a mistake in this list or would like to request additional currencies, please .
Pitchly's makes it easy to generate access tokens when accessing data on behalf of another organization, but when using the SDK isn't possible, you can still generate access tokens through direct HTTP requests instead.
Generally, Pitchly uses standard to generate access tokens. If you would like the details of Pitchly's OAuth endpoints, and we will send you the information.
Endpoint
Description
Insert a row into a database.
Update an existing row in a database.
Insert or update a row in a database.
Delete an existing row in a database.
Field type
User-facing name
Description & example
string
Single-line text
Short single-line text
{ val: "foo" }
textBlock
Multi-line text
Long multi-line text
{ val: "foo\nbar" }
number
Number
Number w/ possible decimal
{ val: 12.5 }
boolean
Yes/No
Binary true/false value
{ val: false }
date
Date
Date in one of these acceptable formats
{ val: "2020-01-23" }
currency
Currency
Currency amount & 3-char currency code (see list)
{ val: 50, currency: "USD" }
attachment
Attachment
File of any type. Pass in the URL path to any file on the Internet or the Base64 encoded contents of an image file. If the file is a url, it will be copied to Pitchly's file storage system, and subsequent queries will return the path to our hosted version. If the Base64 contents are provided, then a file will be created in Pitchly's file storage system with the contents, and subsequent queries will return the path to our hosted version.
{ val: "https://pitchly.com/images/pitchly-logo.png" }.
or
{ val: "
" }.
enum
Dropdown
A single value selected from a dropdown of predefined values.
This value must be present in the field's restrict array.
{ val: "Las Vegas" }
enumTags
Dropdown multiple
Multiple values selected from a dropdown of predefined values.
Each value must be present in the field's restrict array.
{ val: ["Los Angeles", "Las Vegas", "San Francisco"] }
ref
Reference
Refers to a row from another database, by row ID
{ val: "TG9PmpmHFiWhe7qDE" }
refMultiple
Reference multiple
Refers to multiple rows from another database, by row ID
{ val: ["FhGmrYNGxjB8JnjJr", "L6QqTQv5JbJ4aQMLB"] }
Code
Symbol
Name
USD
$
U.S. Dollars
GBP
£
British Pounds
EUR
€
Euros
AUD
$
Australian Dollars
BRL
R$
Brazilian Real
CAD
$
Canadian Dollars
CZK
Kč
Czech koruny
DKK
kr
Danish Kroner
HKD
$
Hong Kong Dollars
HUF
Ft
Hungarian Forints
ILS
₪
Israeli Shekels
INR
₹
Indian Rupee
JPY
¥
Japanese Yen
MYR
RM
Malaysian Ringgits
MXN
$
Mexican Pesos
NZD
$
New Zealand Dollars
NOK
kr
Norwegian Kroner
PHP
Php
Philippine Pesos
PLN
zł
Polish zloty
SGD
$
Singapore Dollars
SEK
kr
Swedish Kronor
CHF
CHF
Swiss Francs
TWD
$
Taiwan New Dollars
THB
฿
Thai Baht
TRY
TL
Turkish Liras
For certain applications, continual access to data is necessary, even when its users are offline or not logged into Pitchly. One example of this is Pitchly's own Forms app. Forms, for example, must have access to a database's fields even when all users are logged out of the Pitchly platform in order to continue serving forms to outside visitors. To make this possible, particular tokens can be used to generate new access tokens after old ones have expired, without the need for user involvement.
Despite the name "Long-lived tokens," Pitchly actually uses the Refresh Token grant specified in the OAuth 2.0 standard to continuously generate new access tokens without user involvement. The advantage of refresh tokens over actual long-lived tokens is that they still expire, in the rare event one happens to leak.
To get a refresh token, a regular access token must first be obtained via a user of your app (the Client) via the Pitchly platform. Once a regular access token is obtained, it can be sent to your server to attach a client_secret and client_id before making another server-side request to Pitchly to generate a new access token and refresh token. Save the new access token and refresh token on your server. Use the new access token on the client or server side, but keep the refresh token on the server side only. Do not reveal the refresh token to the client or any services besides your server and Pitchly's servers!
To generate a new access token once the old one expires without user involvement, you will use the refresh token stored on your server. Once you've determined that your current access token is no longer valid and you need a new one, send a request to Pitchly with the refresh token. Pitchly will return a new access token and a new refresh token, invalidating the old refresh token. Store the new refresh token on your server - without revealing it to the Client or any other party! - and continue to use the new access token normally until it expires again.
This is a high level overview of Pitchly Refresh Tokens for use in applications that require continuous data access on behalf of another organization, even when the application's users are not actively using Pitchly or your app. For specific details on Pitchly's OAuth endpoints, please contact us.
After you have registered your App with Pitchly, you can now generate access tokens to get access to customer data. We will do so using the Pitchly JavaScript SDK.
Generating access tokens with Pitchly is not as scary as it sounds. Access tokens are essentially a unique string of jumbled characters and numbers that acts as a key to a particular organization's data. With one, you can do whatever your App has been authorized to do against the organization, limited to the scope and resources your App was given access.
If you are building a web app that has a frontend interface through which users will use your App, you don't need to handle the process of generating access tokens yourself. You can instead use our JavaScript SDK, which will generate and renew access tokens automatically for you.
To use the Pitchly JavaScript SDK, just embed the following into your <head> tag:
Initialize Pitchly wherever you're ready to start using Pitchly, probably after your page is loaded:
The Pitchly function accepts several more optional parameters:
Parameter
Type
Description
appId
string
onConnect
function
Called after an access token has been generated, or if an access token failed to generate. Passes back a response object. (See below)
onSelection
function
Called when the user has selected rows in the database. Passes back an array of selected row IDs.
onFilter
function
Called when the user updates the filter. Passes back the new filter object.
onShowSelected
function
Called when the user checks "Show Only Selected" in the database view. Passes back a boolean - true if checked, false otherwise.
debug
boolean
Pass true to print debugging information (including info on access tokens and errors) to the browser console. Defaults to false.
The onConnect callback will return a response object. Below is an example of a successful response:
On error, the response will look something like:
You can also perform certain actions against the instantiated Pitchly object:
Function
Description
getOrganizationId
Get the cached ID of the current organization (automatically retrieved on initialization)
getDatabaseId
Get the cached ID of the current database (automatically retrieved on initialization)
hideFilter
Hide the filter from view
showFilter
Show the filter in view
generateAccessToken
Forcibly request a new access token (not guaranteed to be new). Can pass an optional callback that will return the response, similar to onConnect. onConnect will still be called, just prior to the callback.
requestOrganizationId
Re-ask Pitchly for the current organization ID
requestDatabaseId
Re-ask Pitchly for the current database ID
requestSelections
Re-ask Pitchly for the current rows in the database that have been selected
requestFilter
Re-ask Pitchly for the current filter object
requestShowSelected
Re-ask Pitchly whether "Show Only Selected" is checked
requestUserId
Ask Pitchly for the current user ID
To hide the filter when your App is initialized, for example, you would simply call:
To get the current organization and database, you would call:
You shouldn't normally need to call the latter methods to request information, since changes to the filter, row selections, etc. will automatically be pushed to you as they change via the onFilter, onSelection, etc. callbacks. The exception is requestUserId.
Any of the "request" type methods also accept an optional callback as an argument. When a callback is given, the callback will receive the result of the request after it has completed. It will be executed after any on___ callbacks.
Note that these references to pitchly when calling methods refers to the variable the Pitchly class is instantiated on, not the Pitchly class itself. They could just as easily be p.getDatabaseId() if Pitchly was instantiated to the variable p. Do not call methods from the Pitchly class itself.
We wouldn't feel right unless we let you know about a few things you should know about access tokens:
They expire after two hours (Luckily the SDK renews them automatically for you within 2-5 minutes of expiration. If internet connection is lost, it will retry every 5 seconds until a connection is made or until Pitchly returns an error. If a permanent error is returned, it's on you to call pitchly.generateAccessToken() to try again after the problem is resolved.)
Because access tokens renew automatically, you may get multiple calls to onConnect after a user has had your App open for more than two hours. If you cache the token anywhere, make sure you update it whenever you receive a new one.
Access tokens are scoped to the organization, not the database. We made it this way because it allows Apps to be more flexible when using data that spans across multiple databases, and it allows Apps to be presented to users in a variety of ways. Keep this in mind when designing your App's backend data structures, if you store any access tokens.
Even though access tokens are scoped to an organization, your App might not necessarily be. Often times, users install Apps on a specific database. Depending on your App, users may expect to see different saved information in your App, depending on which database they're in. Also keep this in mind when designing your data structures. (We recommend in this scenario centering information around "installs" instead of users or organizations.)
Access tokens may not always be new. They will often be re-used up to 10 minutes before their expiration.
Access tokens are very powerful, but with great power comes great responsibility. You should take the following factors into consideration when dealing with access tokens.
Clients trust Pitchly to keep their data secure. For that reason, we have additional stringency requirements. These points simply serve as a reminder to follow best security practices and is by no means an exhaustive checklist. We will be adding more tips and pointers to this list over time.
If you're having any of the below issues, we may have possible solutions.
A: You may be using an old access token. Check whether your access token is coming from storage or a cache. You may also benefit from clearing your browser's history or trying to run your App in Incognito Mode in your browser.
A: Every App is given permission to only do certain things on an organization in Pitchly. You may not have the permission to do that particular task. If you really do need this extra permission, contact us to request special permissions.
A: You probably haven't set the appId parameter to the correct value when initiating the Pitchly SDK. Make sure this is the same value you received when you registered your App with Pitchly. Also make sure it is your App ID and not your App's Secret. (Never put your App Secret in client-side code!)
Do you have a problem not listed here? Contact us and we'll try to help.
This guide covers how to generate access tokens using the Pitchly JavaScript SDK. However, if you can't use our SDK for any reason (such as because your App will not be user-facing or built on the web), you can still generate access tokens by using our REST API directly. In the big picture, our SDK is simply an abstraction that makes the process of working with our OAuth endpoints easier.
Our advanced guide will tell you what you need to know to work with our OAuth endpoints directly.
The App ID you were given when .
