Skip to main content
The values you reach for repeatedly while integrating, in one place. Each section links to the full guide for request shapes and detail.

Base URLs

Sandbox and production are fully isolated — data and credentials never cross between them. See Environments.

Authentication

Tokens are issued from the OIDC token endpoint and sent on every request as Authorization: Bearer <token>. App tokens are short-lived — refresh before expires_in elapses. See Client credentials and User token.

Rate limits

The API allows 30 requests per second. Exceeding it returns 429 Too Many Requests with a Retry-After header. Watch RateLimit-Remaining to stay under the ceiling, and back off with exponential delays on a 429, starting from the Retry-After value. See Rate limiting.

Pagination

List endpoints use cursor-based pagination with the same contract everywhere. Each response carries nextPaginationToken (and prevPaginationToken). Keep requesting with the returned token until nextPaginationToken is null — that is the only stop condition. See Pagination, sorting, and filtering.