Authentication
All API requests require an API key passed via the Authorization header or X-API-Key header.
Getting an API key
API keys are managed at Admin → API Keys in your dashboard. Keys are shown once on creation — store them securely. API access requires a Pro or Council plan.
Making your first request
Let's list your cases:
/api/casesReturns a paginated list of cases for your tenant.
Example response
{
"cases": [
{
"id": "clx...",
"reference": "CW-2026-0042",
"status": "open",
"publicSummary": "Pothole on High Street near junction with Mill Lane",
"wardId": "ward-123",
"categoryId": "cat-456",
"createdAt": "2026-01-15T10:30:00.000Z",
"updatedAt": "2026-01-15T10:30:00.000Z"
}
],
"pagination": {
"page": 1,
"pageSize": 20,
"total": 42,
"totalPages": 3
}
}
Rate limits
API requests are limited to 100 requests per minute per API key.
When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.
| Header | Description |
|---|---|
X-RateLimit-Remaining | Requests remaining in the current window |
Retry-After | Seconds until the rate limit resets (only on 429) |
Error format
All errors return a JSON body with an error field:
{
"error": "Invalid API key",
"details": {}
}
| Status | Meaning |
|---|---|
| 400 | Bad request — invalid parameters |
| 401 | Unauthorized — missing or invalid API key |
| 403 | Forbidden — valid key but insufficient scope or plan |
| 404 | Not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Scopes
API keys are created with specific scopes that control what they can access:
| Scope | Access |
|---|---|
cases:read | List and view cases |
cases:write | Create and update cases |
wards:read | List and view wards |
categories:read | List and view categories |
users:read | List and view users/councillors |
events:read | List and view events |
events:write | Create and update events |
news:read | List and view news articles |
news:write | Create and update news |
reports:read | View reports and analytics |
webhooks:read | List webhook endpoints |
webhooks:write | Manage webhook endpoints |
Scope availability
Pro plans have access to basic scopes (cases, wards, categories, events, news). Council plans unlock all scopes including reports, audit, webhooks, and settings.