Overview
Sequence's External API (also called the Remote API) allows your application to interact with your Sequence accounts programmatically. With this API, you can:
Trigger a Rule – Invoke an automation rule you have configured in Sequence from an external system.
Return a transfer amount - tell Sequence how much money to move from a source to a destination
Retrieve Accounts – Query accounts data (like id, balance, name) of all of your accounts in Sequence via an API call.
These capabilities enable integration of Sequence's financial automation with your own software. Note: The External API is an advanced feature and is disabled by default. You must have it enabled on your Sequence account settings and use proper authentication credentials for all requests.
Enabling API Access and Authentication
Before using the External API, follow these steps to enable access and obtain credentials:
Enable the External API: You can enable the API by going to Settings --> Enable Remote API.
Generate an Access Token: Once enabled, log in to your Sequence dashboard and navigate to Account Settings > Access Tokens (or a similar section). Generate a new API access token for your user account. This token is used to authenticate API requests that require user context (such as balance queries).
Obtain API Secrets for Actions:
For Triggering a Rule via API: When you create a Rule in Sequence and configure it to be triggered externally, an API Secret will be associated with that rule. Make sure to copy or note this secret (often shown once when the rule is created or in the rule details). You'll use this secret to authenticate rule trigger calls.
Authentication Headers: The API uses custom HTTP headers for authentication:
x-sequence-access-token– Used for endpoints that require a user access token (e.g., balance queries). Set this toBearer YOUR_ACCESS_TOKEN.x-sequence-signature– Used for endpoints secured by an API secret (rule triggers). Set this toBearer YOUR_API_SECRET.
Always keep your access token and secrets secure. Do not share them or expose them in client-side code.
API Endpoint Structure
All external API endpoints are accessible under the base URL:
<https://api.getsequence.io/>
For example, triggering a rule will be a POST request to https://api.getsequence.io/rules/{ruleId}/trigger, as described below.
Each request should include the appropriate authentication headers (as described above) and a JSON body (even if empty) with Content-Type: application/json. The API returns JSON responses containing a top-level message, plus any relevant data. A unique requestId is included in responses to help track each call.
Idempotency: For operations that could be repeated (such as triggering rules or sending transfers), you can include an idempotency-key header with a unique value for each distinct operation. If you retry the same request with the same idempotency key, the server will prevent duplicate processing. This is a best practice to safely handle retries.
Now, let's go through each capability in detail with example requests and responses.
1. Triggering a Rule via API
Once you have created a Rule in Sequence (and set its trigger type to "Remote API"), you can trigger that rule by making an external API call. This is useful for kicking off automated workflows in Sequence in response to events in your own system.
Endpoint: POST /rules/{ruleId}/trigger – Trigger the rule with the specified Rule ID.
Authentication: Include the rule’s API secret in the x-sequence-signature header. (The Rule ID can be found in your Sequence dashboard when viewing or editing the rule. The corresponding API secret is the token you obtained for that rule.)
Request Body: JSON object. The body can be empty ({}) or include any JSON data your rule expects (most rules triggered via API do not require a specific payload, but you must still send a valid JSON object in the request). Ensure you set Content-Type: application/json in the header.
Example Request (cURL): Trigger a rule with ID ru_12345 (replace with your actual rule ID) using its API secret.
curl --request POST "<https://api.getsequence.io/remote-api/rules/ru_12345/trigger>" \\
--header "x-sequence-signature: Bearer YOUR_RULE_API_SECRET" \\
--header "Content-Type: application/json" \\
--data '{}'In this example, replace YOUR_RULE_API_SECRET with the secret token associated with the rule. The data is an empty JSON object. If your rule’s logic requires some input, you can include it in the JSON payload.
Successful Response: On success, you will receive a 200 OK response with a JSON body confirming the trigger. For example:
{
"code": "OK",
"message": "Rule with id ru_12345 has been triggered",
"data": {
"requestId": "b28f1d9e-8c2a-4d3e-9af1-XXXXXXXXXXXX"
}
}GitHubThis indicates the rule was accepted for execution. The requestId is a unique identifier for this trigger request (useful for debugging or tracking).
If the rule is in test mode, the message will include a note that it was a test-mode triggerGitHub. In test mode, the rule won't actually execute its real actions, but you'll still get a success response.
Error Responses: If something is wrong, you will receive an error response:
Unauthorized (401): If the
x-sequence-signatureis missing or incorrect, you'll getcode: "INVALID_API_SECRET"with message "Unauthorized".Invalid Request (400): If the Rule ID is not found, or the rule isn’t configured for API triggers, you'll get
code: "INVALID_REQUEST"with message "Invalid request".Rate Limit (429): A rule triggered too frequently will return
code: "TOO_MANY_REQUESTS"and a message like "Rule with id {ruleId} has been triggered too many times. Please try again later.". This means you should slow down the calls to this rule (by default, triggers are limited to a certain number per minute).Other Errors (500): For any unexpected server error, you'll get
code: "UNEXPECTED_ERROR"and a generic message. These are rare and usually transient.
Idempotency: You may provide an idempotency-key header if you want to guard against duplicate triggers. If the same rule is triggered with the same idempotency key, Sequence will treat subsequent calls as duplicates and not execute the rule again. This is useful if you have to retry a request due to network issues.
2. Setting the amount to be transferred
The Remote API Action lets Sequence delegate the transfer amount calculation to your own service. When a rule includes Query Remote API, Sequence makes an HTTP request to your configured URL and uses the returned amount to execute the transfer.
How it works
A rule with Query Remote API is triggered. Sequence sends an HTTP POST request to your remote endpoint. Your service responds with a JSON body containing the amount in cents. Sequence uses that amount when creating the transfer.
Usage
Log in to your Sequence account. Create or edit a rule and choose the action Query Remote API. Enter the URL of your external service and click Save. When the rule runs, Sequence will POST to your service.
Response contract
Your endpoint must return JSON with an integer amount in cents:
{
"amountInCents": 25000
}amountInCents must be a non-negative integer (e.g., 25000 = $250.00). Respond with HTTP 200 OK and Content-Type: application/json. To signal “no transfer,” return 0 for amountInCents.
3. Retrieving Account Balances via API
You can retrieve the data of all your financial accounts in Sequence (Pods, Income Sources and external accounts from all of the providers but Spinwheel) with a single API call. This is useful for getting an overview of available funds programmatically.
Endpoint: POST /accounts – Fetches accounts of all Pods, Income Sources and external accounts accessible to your user.
Authentication: Use your user access token in the x-sequence-access-token header (Bearer token). This token ties the request to your user and organization, ensuring you only retrieve balances for accounts you are permitted to see.
Request Body: JSON object (empty). No parameters are needed in the body for this call. Just send {} as the body. Ensure Content-Type: application/json is set.
Example Request (cURL):
curl --location 'https://api.getsequence.io/accounts' \
--header 'x-sequence-access-token: Bearer {YOUR_ACCESS_TOKEN}' \
--header 'Content-Type: application/json' \
--data '{}'Replace YOUR_ACCESS_TOKEN with the token you generated from the Sequence dashboard. (If you have multiple accounts or organizations, ensure the token corresponds to the one you want to query.)
Successful Response: On success, the server will return a list of accounts with their balances. For example:
{
"message": "OK",
"requestId": "f1a2b3c4-56d7-890e-fgh1-XXXXXXXXXXXX",
"data": {
"accounts": [
{
"id": "5579244",
"name": "Main Operating Pod",
"balance": { "amountInDollars": 25342.77, "error": null },
"type": "Pod"
},
{
"id": "5579245",
"name": "Client Payments Account",
"balance": { "amountInDollars": 10200.50, "error": null }
"type": "Income Source"
},
{
"id": "QDBZQjj1lohgeqVWJlnmf5lA4g83ZGCwl3Qx4",
"name": "Chase Credit Card",
"balance": { "amountInDollars": 137.9, "error": null }
"type": "Account"
}
],
"errors": [],
},
}Here, accounts is an array where each entry corresponds to an account:
nameis the nickname or identifier of the account in your Sequence app.balance(dict):amountInDollarsis the current available balance in that account, in dollars (as a numeric value). The balances are returned in US dollars by default. if there was an error getting the balance, the balance will be null.errora string that represent the error if there was during the request to get the balance or null if there wasn’t error.
typeindicates whether the account is a Pod or an Income Source or an Account.
In addition, if there was a global error and we succeeded to catch it in runtime (like invalid account) we will add the error reason that we found to the entry errors (strings array). if this is happened to you you can contact Sequence support with the requestId that you got and the errors array.
Error Responses:
Unauthorized (401): If the access token is missing or invalid, you'll get
code: "INVALID_ACCESS_TOKEN"and a message "Unauthorized". Make sure the token is correct and not expired or revoked.Server Error (500): If the system fails to retrieve accounts. This is rare and usually resolves with time. If it persists, contact support.
Additional Notes and Best Practices
Feature Availability: The External API is a premium feature. Always ensure it’s enabled on your account before attempting to use these endpoints, and test thoroughly in a safe environment. In development mode, use the local endpoints and test data (as shown in examples) before moving to production.
Security: Treat your API secrets and access tokens like passwords. Rotate them periodically and immediately revoke any token that may have been exposed. All requests should be made over HTTPS to protect data in transit.
Idempotent Operations: Use the
idempotency-keyheader for any operation that could be repeated due to timeouts or network issues (such as rule triggers or transfers). This helps avoid duplicate effects if you retry the same request.Rate Limiting: Be mindful of rate limits. Triggering the same rule repeatedly in a short time will lead to a 429 response (Too Many Requests). Design your integration to handle this (e.g., by backing off retries or queuing events).
Monitoring Requests: Leverage the
requestIdreturned in responses for debugging. If you need to contact Sequence support about a specific API call, providing them with therequestIdcan help trace what happened internally for that request.Stripe-Style Approach: The design of this API is similar in spirit to Stripe's API – focusing on clear RESTful endpoints, use of Bearer tokens for auth, idempotency keys, and meaningful response codes. As with Stripe's docs, the examples here are meant to be copy-paste ready. Modify the placeholders (IDs, tokens, secrets) with your actual values.
By following this guide, you should be able to seamlessly integrate Sequence’s external API into your applications. Whether it's automating rule triggers from your system, sending payments programmatically, or fetching real-time balances, the API opens up a powerful way to extend and customize your financial operations with Sequence. Happy coding!