Authentication
Overview
The Astalty API authenticates every request with an API key (a bearer token). You create and manage keys in the API Dashboard — see How to set up an API key.
Authenticating a request
Send your API key in the Authorization header as a Bearer token. We also recommend sending an Accept: application/json header so responses are always returned as JSON.
```bash
curl https://api.app.astalty.com.au/public/v1/participants \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```
A request with a missing, malformed or revoked key is rejected with a 401 Unauthorized response.
Permissions
A key acts on behalf of the account owner, so it inherits the account owner's permissions across your Astalty account. Every endpoint still enforces the same permission checks used in the app — if the account owner couldn't perform an action in the web interface, the API will return a 403 Forbidden response for the equivalent request.
Rate limiting
The public API is rate limited to 60 requests per minute per API key. If you exceed the limit, requests return 429 Too Many Requests. Build a short delay and retry into your integration, and avoid making large bursts of calls in a tight loop.
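The delay-and-retry advice above, sketched as an added example (not Astalty's own code): a small client that paces calls to one per second, backs off only on 429, and fails fast on 401/403 so a revoked key is not hammered. The names `Client`, `ApiError` and `ASTALTY_API_KEY`, and the backoff values, are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.app.astalty.com.au/public/v1"
MIN_INTERVAL = 60.0 / 60  # 60 requests per minute per key: one request per second

class ApiError(Exception):
    def __init__(self, status, body):
        super().__init__(f"HTTP {status}")  # the key is never put in the message
        self.status, self.body = status, body

def http_get(url, headers):
    """Default transport. Returns (status, body text) for success and error alike."""
    request = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(request, timeout=30) as response:
            return response.status, response.read().decode()
    except urllib.error.HTTPError as error:
        return error.code, error.read().decode()

class Client:
    def __init__(self, api_key, transport=http_get, sleep=time.sleep, clock=time.monotonic):
        self._headers = {"Authorization": f"Bearer {api_key}", "Accept": "application/json"}
        self._transport, self._sleep, self._clock = transport, sleep, clock
        self._next_slot = 0.0

    def get(self, path, max_retries=4):
        for attempt in range(max_retries + 1):
            wait = self._next_slot - self._clock()
            if wait > 0:
                self._sleep(wait)  # pace calls so a loop cannot burst past the limit
            self._next_slot = self._clock() + MIN_INTERVAL
            status, body = self._transport(BASE_URL + path, self._headers)
            if status != 429 or attempt == max_retries:
                break
            self._sleep(min(2 ** attempt, 30))  # assumed backoff: 1s, 2s, 4s, capped at 30s
        if status >= 400:
            raise ApiError(status, body)  # 401/403/404/422 are never retried
        return json.loads(body)

if __name__ == "__main__":
    # ASTALTY_API_KEY is an assumed variable name; keep the key out of source control.
    client = Client(os.environ["ASTALTY_API_KEY"])
    print(client.get("/participants"))
```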
Error responses
The API uses standard HTTP status codes and returns a JSON body describing the problem.
| Status | Meaning |
|---|---|
| 200 / 201 | Success |
| 401 Unauthorized | Missing, invalid or revoked API key |
| 403 Forbidden | The key doesn't have permission for this action |
| 404 Not Found | The resource doesn't exist (or isn't visible to your account) |
| 422 Unprocessable Entity | Validation failed — see the errors object for per-field messages |
| 429 Too Many Requests | Rate limit exceeded |
A typical error body looks like this:
```json
{
  "message": "The given data was invalid.",
  "errors": {
    "email": ["The email field is required."]
  }
}
```
Request history
Every API request made with your keys is logged in the API Dashboard, where you can inspect the status, timing, request body and response body. See How to set up an API key for details.