OrbitKit provides a JSON REST API to help you manage your organization.

Requests which submit a JSON body (eg, POSTs) must specify Content-Type: application/json

All requests must include your organization's secret key in a header named X-Secret. You can find (and regenerate) your secret key on your organization's Settings page:

With all requests, include a header like this:

This key limits the API to manipulating data for your (and only your) organization.

Errors will produce a 400 (or 500) level HTTP error code with a JSON body structured like this:

The types field will read more specific error types to more general error types.

In the case of requests for objects that no longer exist, the OrbitKit API always returns 410 GONE instead of 404 NOT FOUND. It's just too easy to fat-finger a URL or misconfigure a proxy and suddenly your code is misinterpreting the responses.

Some API endpoints are paginated. These endpoints accept two extra parameters, limit and cursor. They always return structures that look like this:

If more is null, you are at the end. Otherwise you can pass the more value to the endpoint as a cursor parameter to receive the subsequent results.

This API is being built out progressively to satisfy user requests. If you want to do something, and you don't see a way to do it, reach out to us and we'll add it.