Skip to main content

Developing on the API

OpenAPI

The OpenAPI spec for this API is available in YAML format.

Authentication

All requests must be accompanied by an Authorization request header (not as part of the URL) in the following format:

Authorization: Bearer {token}

Unauthenticated requests will receive an UnauthorizedResponse with a 401 status code.

Providers can create tokens in the Organisation settings link once logged into the service.

Rate Limiting

API requests are rate limited to prevent abuse and ensure fair usage across all users.

Current rate limit: 100 requests per 60 seconds per IP address