Skip to main content

Documentation Index

Fetch the complete documentation index at: https://supa-0373f54b.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Supa offers several integration options depending on your plan. Enterprise customers get full programmatic access via a REST API and real-time event delivery via webhooks. SSO is available on Growth and Enterprise for organizations that need centralized identity management. All plans can export analytics data as CSV or PDF.

API access

API access is available on the Enterprise plan.
The Supa REST API gives you programmatic access to submissions, tasks, users, and locations. Use it to sync operational data to your data warehouse, create tasks from external systems, or build custom dashboards on top of your Supa data.

Authentication

API keys are generated in Settings > API. Include your key in the Authorization header of every request: 
curl -X GET "https://api.allsupa.com/v1/submissions" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
Keep your API key confidential. If a key is compromised, revoke it from Settings > API and generate a new one.

Pagination

List endpoints return paginated results. Use the page and per_page query parameters to navigate through large datasets. Responses include a meta object with total, page, and per_page fields.

Rate limits

The API enforces rate limits to ensure stability. If you exceed the limit, the API returns a 429 Too Many Requests response. Use the Retry-After header to determine when to retry. For specific rate limit values applicable to your Enterprise plan, contact your dedicated support team.

Common use cases

  • Sync to a data warehouse — pull completed submissions on a schedule and load them into BigQuery, Snowflake, or Redshift
  • Create tasks programmatically — trigger Supa tasks from events in your ERP, POS, or ticketing system
  • Build custom dashboards — query location and submission data to power internal BI tools

Webhooks

Webhooks are available on the Enterprise plan.
Webhooks let Supa push real-time event notifications to your server when specific things happen — a checklist is completed, a task goes overdue, or an issue is reported. This is more efficient than polling the API for changes.

Setting up a webhook endpoint

Before registering a webhook in Supa, you need an endpoint on your server that accepts HTTP POST requests with JSON payloads: 
app.post('/supa-webhooks', (req, res) => {
  const event = req.body;
  // process the event
  res.status(200).send('OK');
});
Your endpoint must be publicly reachable. Once it’s deployed, register it in Supa:
  1. Go to Settings > Integrations > Webhooks.
  2. Click Add Endpoint.
  3. Enter your endpoint URL and select the events you want to receive.
  4. Click Save.

Available events

EventTriggered when
submission.completedA checklist submission is submitted
task.overdueA task passes its due date without completion
task.escalatedA task is escalated to a higher-level manager
issue.createdAn incident report is submitted
issue.resolvedAn incident report is marked as resolved

Webhook payload

Each event delivers a JSON payload. Here’s an example for submission.completed: 
{
  "event": "submission.completed",
  "timestamp": "2026-05-07T08:32:14Z",
  "data": {
    "submission_id": "sub_8a3f2c1d",
    "template_id": "tmpl_9b4e1a2f",
    "template_name": "Morning Opening Checklist",
    "location_id": "loc_7c5d3b8e",
    "location_name": "Ho Chi Minh City - District 1",
    "submitted_by": {
      "user_id": "usr_2d6f4a9c",
      "name": "Nguyen Thi Lan",
      "role": "location_manager"
    },
    "score": 94,
    "completed_at": "2026-05-07T08:31:58Z"
  }
}

Retries and failure handling

If your endpoint returns a non-2xx status code or doesn’t respond within 10 seconds, Supa retries the delivery up to 3 times using exponential backoff. You can view delivery attempts and their status in Settings > Integrations > Webhooks > [your endpoint] > Delivery Log.
Verify incoming webhook payloads using the signing secret shown in Settings > Integrations > Webhooks. Supa signs each request with an X-Supa-Signature header — validate this on your server to confirm the payload came from Supa and hasn’t been tampered with.

SSO / SAML

SSO is available on the Growth and Enterprise plans.
Single Sign-On lets your team log in to Supa using your existing identity provider (IdP), eliminating the need for separate Supa passwords. Supa supports any SAML 2.0 compatible IdP, including Okta, Azure AD, and Google Workspace.

Set up SSO

  1. Go to Settings > Security > Single Sign-On.
  2. Click Configure SSO.
  3. Enter your IdP metadata URL or upload the XML metadata file.
  4. Copy the Supa ACS URL and Entity ID into your IdP’s SAML application settings.
  5. Test the connection using the Test SSO button before enabling it for your organization.
  6. Once the test passes, click Enable SSO.
SSO configuration requires Owner or Admin access. If you enable SSO and lock yourself out, contact Supa support to restore access. Review your IdP configuration carefully before activating SSO for your entire organization.

Analytics export

Available on all plans, you can export any dashboard or report directly from the Analytics section:
  1. Navigate to Analytics and open the dashboard or report you want to export.
  2. Click Export in the top-right corner.
  3. Choose CSV (for raw data you want to process) or PDF (for a formatted snapshot to share).
Exports include all data currently visible in the selected view, including any active filters and date ranges.