Base URL
Authentication
All API requests require a Bearer token in the Authorization header:Content type
All requests and responses use JSON:Pagination
List endpoints support pagination with query parameters:
Paginated responses return:
Versioning
The API uses header-based versioning with semantic versions. Each platform environment is pinned to a specific API version on creation and will continue to receive that version’s response shapes, even as the API evolves.How it works
- Environment pin (default) - When you create an environment, it is pinned to the current API version. All requests from that environment automatically use that version.
- Per-request override - Send the
Keystone-Versionheader to override the pinned version for a single request. - Backward compatibility - The API always runs the latest logic internally. When your pinned version is older than the current version, responses are automatically transformed to match the schema you expect.
Keystone-Version response header confirms which version was used:
/v1/ URL prefix is a structural namespace, not the version itself. The actual version is controlled via the header and environment pin.
Admin endpoints (
/v1/admin/*) are never versioned - they always return the latest schema.Rate limits
The default rate limit is 600 requests per minute per environment. Rate-limited requests receive a429 response with a Retry-After header indicating when to retry.
Per-environment rate limits can be configured via the environments API. Contact support for limits above 600 RPM.