# API Overview

> Direct API access for custom integrations

## Base URL

Outlit exposes two API surfaces:

| Surface      | Base URL                         | Authentication             |
| ------------ | -------------------------------- | -------------------------- |
| Platform API | `https://app.outlit.ai`          | Bearer API key             |
| Ingest API   | `https://app.outlit.ai/api/i/v1` | Public key in the URL path |

[Download the canonical OpenAPI spec](/openapi.json) for schema-driven clients, crawlers, and API discovery.

## Authentication

### Platform API

Platform API routes use an Outlit API key in the `Authorization` header:

```http
Authorization: Bearer ok_...
```

Use Platform API routes for customer intelligence tools, integration management, and API key validation:

```http
POST /api/tools/call
GET /api/integrations
POST /api/validate-api-key
```

The public tool gateway exposes the same customer context tools used by the CLI and agent integrations: complete customer profiles, timelines, facts, exact source lookup, semantic search across sources and facts, and read-only SQL.

[Platform Actions](/ai-integrations/platform-actions) expose selected agent, automation, signal, and destination configuration through REST routes that are also available from the CLI and MCP.

### Ingest API

The Ingest API uses your **public key** in the URL path. No additional authentication headers are required for ingestion.

```
POST /api/i/v1/{publicKey}/events
```

<Warning>
  Your public key is **not secret** and is safe to include in client-side code. It's designed to be visible in your website's source code.
</Warning>

## Rate Limits

### Ingest API

| Limit               | Value |
| ------------------- | ----- |
| Requests per second | 100   |
| Events per request  | 100   |
| Request body size   | 1 MB  |

Rate limit headers are included in responses:

```
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1699999999
```
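A client-side sketch of staying inside these limits, added here as an example and not taken from Outlit's SDK or documentation. It assumes the request body is `{"events": [...]}` (inferred from the `events` element in the error path shown on this page), that 1 MB means 10^6 bytes, and that `X-RateLimit-Reset` is a Unix timestamp in seconds; the function names are hypothetical.

```python
import json
import time

MAX_EVENTS = 100            # "Events per request" limit from the table above
MAX_BODY_BYTES = 1_000_000  # assumption: "1 MB" read conservatively as 10**6 bytes
ENVELOPE = len(b'{"events":[]}')


def encode_body(batch):
    """Serialize one batch. Assumption: the body is {"events": [...]}."""
    return json.dumps({"events": batch}, separators=(",", ":")).encode("utf-8")


def batch_events(events):
    """Split events into batches that satisfy both the count and size limits."""
    batches, current, size = [], [], ENVELOPE
    for event in events:
        encoded = len(json.dumps(event, separators=(",", ":")).encode("utf-8"))
        if ENVELOPE + encoded > MAX_BODY_BYTES:
            raise ValueError("a single event exceeds the request body limit")
        extra = encoded + (1 if current else 0)  # +1 for the separating comma
        if len(current) == MAX_EVENTS or size + extra > MAX_BODY_BYTES:
            batches.append(current)
            current, size, extra = [], ENVELOPE, encoded
        current.append(event)
        size += extra
    if current:
        batches.append(current)
    return batches


def seconds_to_wait(headers, now=None):
    """Pause needed before the next request, from the rate limit headers.

    Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
    """
    now = time.time() if now is None else now
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        remaining = int(lowered["x-ratelimit-remaining"])
        reset = int(lowered["x-ratelimit-reset"])
    except (KeyError, ValueError):
        return 0.0  # headers absent or malformed: caller applies its own backoff
    return 0.0 if remaining > 0 else max(0.0, reset - now)
```
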

### Platform API

Customer intelligence tool calls are authenticated with your Outlit API key and may count toward your plan's API-call allowance. Integration management routes are authenticated the same way, but integration connections are governed by your plan's connection limit.

## Error Responses

Ingest API errors use the tracking response format:

```json
{
  "success": false,
  "message": "Error description",
  "errors": [
    {
      "path": ["events", 0, "type"],
      "message": "Invalid event type"
    }
  ]
}
```

Platform API errors use endpoint-specific JSON responses. Most Platform API failures include an `error` field:

```json
{
  "error": "Invalid credentials"
}
```

Plan and billing failures include a stable `code` plus plan metadata:

```json
{
  "error": "Your plan has exhausted its included API calls for the current billing cycle.",
  "code": "api_limit_exceeded",
  "plan": "free",
  "feature": "api_calls",
  "resetAt": 1776124800000
}
```

### HTTP Status Codes

| Code | Description                                                       |
| ---- | ----------------------------------------------------------------- |
| 200  | Success                                                           |
| 400  | Invalid request body or parameters                                |
| 401  | Invalid or missing API key                                        |
| 403  | Invalid public key, unauthorized domain, or plan connection limit |
| 429  | Rate limit exceeded                                               |
| 500  | Internal server error                                             |
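One way to fold the three error shapes and the status table above into a single record for logging and retry decisions, added here as an example and not part of Outlit's client code. The function names are hypothetical; treating `resetAt` as epoch milliseconds and treating 429 and 500 as the only retryable statuses are assumptions.

```python
from datetime import datetime, timezone

RETRYABLE = {429, 500}  # assumption: only rate-limit and server errors are retried


def render_path(path):
    """Turn ["events", 0, "type"] into "events[0].type"."""
    out = ""
    for part in path:
        if isinstance(part, int):
            out += f"[{part}]"
        else:
            out += ("." if out else "") + str(part)
    return out


def classify(status, body):
    """Normalize an Ingest or Platform API error body into one dict."""
    body = body if isinstance(body, dict) else {}
    result = {
        "status": status,
        # Platform API uses "error"; the Ingest API uses "message".
        "message": body.get("error") or body.get("message") or "",
        "code": body.get("code"),
        "fields": [],
        "retry": status in RETRYABLE,
        "retry_at": None,
    }
    for item in body.get("errors") or []:
        if isinstance(item, dict):
            path = render_path(item.get("path") or [])
            result["fields"].append((path, item.get("message", "")))
    reset_at = body.get("resetAt")
    if isinstance(reset_at, (int, float)):
        # Assumption: resetAt is epoch milliseconds. A plan limit does not
        # clear on a quick retry, so hold requests until the reset time.
        result["retry"] = False
        result["retry_at"] = datetime.fromtimestamp(reset_at / 1000, tz=timezone.utc)
    return result
```
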

## CORS

The Ingest API supports CORS for browser requests. Allowed origins are configured in your tracking settings ([Settings -> Website Tracking](https://app.outlit.ai/settings/workspace/tracking) -> Enabled Domains).

```
Access-Control-Allow-Origin: https://your-domain.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-Type
```

## Available Endpoints

<Card title="POST /api/validate-api-key" icon="key" href="/api-reference/validation">
  Verify that an Outlit API key can authenticate Platform API requests
</Card>

<Card title="POST /api/tools/call" icon="terminal" href="/api-reference/tools">
  Call customer intelligence tools through the public tool gateway
</Card>

<Card title="/api/integrations/*" icon="plug" href="/api-reference/integrations">
  List, connect, poll, and inspect integration sync status
</Card>

<Card title="/api/agents, /api/automations, /api/signals, and /api/destinations" icon="sliders" href="/ai-integrations/platform-actions">
  Inspect and safely prepare platform configuration through shared platform actions
</Card>

<Card title="POST /events" icon="arrow-right" href="/api-reference/ingest">
  Send tracking events (pageviews, custom events, identify, engagement, calendar, and stage events)
</Card>
