Authentication

All API requests must be executed over HTTPS. Calls made over plain HTTP will fail.

All API requests, except the request for an Auth Token itself, must include an Authorization header with a valid bearer token. First, you'll need to get your Auth Token as shown here. All subsequent API requests should contain an Authorization header in the format 'Bearer <your_auth_token>'.

API Key authentication is deprecated

Organization-level keys are deprecated as of March 2021. Please use user-level token authentication instead.

Machine Users

If you would like to integrate with our API exclusively for read-only automation use cases, we recommend creating a Machine User in your organization and authenticating with the API using this account. This will allow you to interact with the API without attributing requests to individuals who typically use the Rotabull web interface.

A Machine User is a regular Rotabull account that is created for the sole purpose of working with the API. You would likely want to set the email for the account to be that of the developer or team working on the integration. In the future, we anticipate releasing some changes that will allow you to restrict the functionality a Machine User account has access to on the web application.

Token Expiration

Auth Tokens expire and should be refreshed after 10 minutes.
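
The following client-side sketch ties together the HTTPS-only rule, the 'Bearer <your_auth_token>' header format and the 10-minute token lifetime described above. It is an added example, not Rotabull's own code. The `BearerSession` class, the `fetch_token` callable (which stands in for the Auth Token request), the `api_host` value and the 30-second refresh margin are all assumptions.

```python
import time
from urllib.parse import urlsplit

TOKEN_LIFETIME = 10 * 60  # seconds; the page gives 10 minutes for Auth Tokens
REFRESH_MARGIN = 30       # assumption: refresh a little early to absorb latency


class BearerSession:
    """Caches an Auth Token and builds headers for one HTTPS-only API host."""

    def __init__(self, api_host, fetch_token, clock=time.monotonic):
        # api_host: hostname of the API (placeholder, not given on this page).
        # fetch_token: hypothetical callable that performs the Auth Token
        # request and returns the token string.
        self._api_host = api_host.lower()
        self._fetch_token = fetch_token
        self._clock = clock
        self._token = None
        self._issued_at = 0.0

    def token(self):
        # Reuse the cached token until it is close to the 10-minute limit.
        age = self._clock() - self._issued_at
        if self._token is None or age >= TOKEN_LIFETIME - REFRESH_MARGIN:
            token = self._fetch_token()
            if not token or any(ch.isspace() for ch in token):
                raise ValueError("auth request returned an unusable token")
            self._token, self._issued_at = token, self._clock()
        return self._token

    def headers_for(self, url):
        # Attach the token only to HTTPS URLs on the expected host, so it is
        # never sent in cleartext or to a host reached through a bad URL.
        parts = urlsplit(url)
        if parts.scheme != "https":
            raise ValueError("refusing to send bearer token over non-HTTPS URL")
        if (parts.hostname or "") != self._api_host:
            raise ValueError("refusing to send bearer token to unexpected host")
        return {"Authorization": f"Bearer {self.token()}"}

    def invalidate(self):
        # Drop the cached token, e.g. when the API rejects it before expiry.
        self._token = None
```

Pass the returned dictionary as the request headers of whichever HTTP library the integration uses, and keep the Machine User's credentials inside `fetch_token` rather than in code that handles URLs.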