Authentication

Authenticate requests using API keys.

Base URL

code
https://www.relaypilot.io/api/v1

Authentication

Send the API key using one of the following headers:

http
Authorization: Bearer <API_KEY>

or

code
X-API-Key: <API_KEY>

If an endpoint requires authentication without an API key, it uses the current user session (browser session).

Scopes

API keys are scoped. Required scopes are listed per endpoint.

code
tickets:read
tickets:write
customers:read
customers:write
comments:read
comments:write
attachments:read
attachments:write

Write scopes grant read access for the same resource.

Rate Limits

Rate limits are enforced per API key. Responses include:

code
X-RateLimit-Limit
X-RateLimit-Remaining
X-RateLimit-Reset
Retry-After

Error Format

Errors follow a consistent response format:

json
{
  "error": {
    "code": "validation_error",
    "message": "Invalid request body",
    "details": {
      "fields": [
        { "field": "workspaceId", "message": "Invalid UUID" }
      ]
    },
    "request_id": "req_abc123"
  }
}

Common error codes:

code
unauthorized
forbidden
validation_error
not_found
conflict
rate_limit_exceeded
internal_error

Required Query Parameters

Most v1 endpoints require a workspaceId query parameter:

code
?workspaceId=<uuid>

Authentication

All API requests must be authenticated with an API key.

Headers

http
Authorization: Bearer <API_KEY>

or

code
X-API-Key: <API_KEY>

Session auth

If an endpoint requires authentication without an API key, it uses the current user session (browser session).

Troubleshooting

  • Ensure your API key has the required scopes
  • Confirm the key is active and not revoked
  • Verify you are using the correct workspaceId

Last updated Jan 19, 2026