Private Integrations let your practice build secure, custom connections between your Aesthetix CRM account and any third-party application. This is ideal for internal tools, automated workflows, and custom systems that need API access without building a full public app. Rather than handing a developer unrestricted access to your account, you generate a token from your settings, restrict exactly which permissions it carries, and rotate or revoke it whenever you need to.
If you want to integrate Aesthetix CRM with another app, you generally have two options: install a relevant app from the App Marketplace, or build your own private integration with the help of a developer using our API. Private Integrations covers the second option securely.
The key advantages are:
Simple: Generate Private Integration tokens from your account settings and manage them with ease.
Secure: You restrict the scopes and permissions a developer can access on your account.
Private Integrations are a more powerful yet more secure alternative to legacy API Keys.
Private Integrations | API Keys |
|---|---|
More secure: You restrict the scopes and permissions a developer can access on your account. | Less secure: A developer gets unrestricted access to all your account data. |
State of the art: Access API v2.0, which is current and actively maintained. | Outdated: API Keys work on API v1.0, which has reached end of life and is no longer maintained. |
More features: API v2.0 has more powerful APIs and supports webhooks, so third-party apps can be notified when specific events occur on your account. | Fewer features: API v1.0 has limited APIs and does not support webhooks. |
Put simply, a Private Integration token is a static, fixed OAuth2 access token.
Private Integrations | Access Tokens |
|---|---|
Generated from the UI: A Private Integration token is generated easily from the interface. | Programmatic generation: Access tokens are generated by exchanging an OAuth access code using the Get Access Token API. |
Static and fixed: Private Integration tokens do not automatically refresh unless you rotate them from the UI. | Refreshed daily: Access tokens expire daily and must be refreshed. |
Private Integration tokens are used in the Authorization header, exactly like other access tokens. The API is powered by our underlying provider, so requests are sent to the services.leadconnectorhq.com host.
For example, to retrieve a location's (account's) details, call the Get Location API with your Private Integration token in the Authorization header:
curl --request GET \
--url https://services.leadconnectorhq.com/locations/ve9EPM428h8vShlRW1KT \
--header 'Accept: application/json' \
--header 'Authorization: <YOUR PRIVATE INTEGRATION TOKEN>' \
--header 'Version: 2021-07-28'Once your Private Integration is created, test it by pushing data to an API endpoint. You will need the correct endpoint URL to do this. For example, to add a new contact, send a request to the contacts endpoint with your token in the Authorization header. Make sure to:
Replace the location value with your actual account (location) ID.
Replace the Authorization value with your generated Private Integration token.
For a full list of available endpoints, request and response details, and testing capabilities, refer to the API v2.0 developer documentation at marketplace.leadconnectorhq.com/docs. This is the developer portal for the underlying API that powers Aesthetix CRM, where you can find every endpoint and its request and response format.
By default, all account admins can create and manage Private Integrations. You can restrict this at the user level. Go to Settings > Team, edit the specific admin, open Roles & Permissions, and enable or disable Private Integrations for that admin. You can control whether an admin may view and manage your account's Private Integrations.

You can find Private Integrations under your account settings. If you do not see it under Settings, make sure the feature is enabled in Labs.

Step 1: Click Create new Integration.

Step 2: Give your Private Integration a name and description so you and your team can identify what it is for.

Step 3: Select the scopes and permissions the integration should have access to on your account. Select only the scopes you actually need, for better data security.

Step 4: Copy the generated token and share it only with your trusted third-party app developer. Do not share it publicly.
Note: Copy the token now, because you will not be able to view it again later.

We recommend rotating your Private Integration tokens every 90 days.
Step 1: Navigate to Private Integrations under settings and click the Private Integration you created.

Step 2: Click Rotate and expire this token later.

Step 3: Click Continue on the warning message if you are sure you want to proceed.

Step 4: Copy the new token and update it in your third-party app. You get a 7-day window where both the old and new tokens work. After 7 days, the old token expires. During that window you can:
Cancel rotation if, for example, your developer needs more time to update the token.
Expire Now if, for example, the third-party app is already updated with the new token.
Note: Copy the token now, because you will not be able to view it again later.

Step 1: Navigate to Private Integrations under settings and click the Private Integration you created.

Step 2: Click Rotate and expire this token now.

Step 3: Click Continue on the warning message if you are sure you want to proceed.

Step 4: Copy the new token and update it in your third-party app.
Note: Copy the token now, because you will not be able to view it again later.

Yes. You can edit the Private Integration name, description, and scopes at any time after creating it.
Step 1: Navigate to Private Integrations under settings and select Edit from the three-dot menu.

Step 2: Update the name and description if needed, then click Next.

Step 3: Update the scopes and permissions if needed, selecting only what you require, then click Update to save.

Note: Updating the details does not generate a new token. The existing token continues to work. You can create up to 5 Private Integration tokens per account.
Once you no longer use the third-party app, you can delete the Private Integration. Navigate to Private Integrations under settings and select Delete from the three-dot menu.

What is a Private Integration?
It is a secure, self-generated API token that lets a developer connect a third-party app to your Aesthetix CRM account with only the permissions you grant, without building a full public Marketplace app.
How is a Private Integration different from an API Key?
API Keys give unrestricted access to all your data and run on the retired API v1.0. Private Integrations let you scope permissions, run on API v2.0, and support webhooks, making them both more secure and more capable.
Where do I find Private Integrations if I do not see them in Settings?
Enable the feature in Labs first, then it will appear under your account settings.
Why does the API host say leadconnectorhq.com?
Our API is powered by our underlying integration provider, so API requests are sent to the services.leadconnectorhq.com host. This is expected and does not change how the integration behaves for your account.
How often should I rotate my token?
We recommend every 90 days. Rotation gives you a 7-day window where the old and new tokens both work, so your developer has time to update the app before the old token expires.
What should I do if my token is exposed?
Rotate and expire it immediately using Rotate and expire this token now, then update your third-party app with the new token.
Can I change a token's permissions without breaking my integration?
Yes. Editing the name, description, or scopes does not generate a new token, so your existing token keeps working.
How many Private Integration tokens can I create?
You can create up to 5 Private Integration tokens per account.
Do I need to copy the token right away?
Yes. The full token is shown only once at creation or rotation. If you lose it, you will need to rotate the token to generate a new one.