Skip to main content

Base URL

Outlit exposes two API surfaces:
SurfaceBase URLAuthentication
Platform APIhttps://app.outlit.aiBearer API key
Ingest APIhttps://app.outlit.ai/api/i/v1Public key in the URL path

Authentication

Platform API

Platform API routes use an Outlit API key in the Authorization header: 
Authorization: Bearer ok_...
Use Platform API routes for customer intelligence tools, integration management, and API key validation: 
POST /api/tools/call
GET /api/integrations
POST /api/validate-api-key
The public tool gateway exposes the same customer context tools used by the CLI and agent integrations: complete customer profiles, timelines, facts, exact source lookup, semantic search across sources and facts, and read-only SQL.

Ingest API

The Ingest API uses your public key in the URL path. No additional authentication headers are required for ingestion. 
POST /api/i/v1/{publicKey}/events
Your public key is not secret and is safe to include in client-side code. It’s designed to be visible in your website’s source code.

Rate Limits

Ingest API

LimitValue
Requests per second100
Events per request100
Request body size1 MB
Rate limit headers are included in responses: 
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1699999999

Platform API

Customer intelligence tool calls are authenticated with your Outlit API key and may count toward your plan’s API-call allowance. Integration management routes are authenticated the same way, but integration connections are governed by your plan’s connection limit.

Error Responses

Ingest API errors use the tracking response format: 
{
  "success": false,
  "message": "Error description",
  "errors": [
    {
      "path": ["events", 0, "type"],
      "message": "Invalid event type"
    }
  ]
}
Platform API errors use endpoint-specific JSON responses. Most Platform API failures include an error field: 
{
  "error": "Invalid credentials"
}
Plan and billing failures include a stable code plus plan metadata: 
{
  "error": "Your plan has exhausted its included API calls for the current billing cycle.",
  "code": "api_limit_exceeded",
  "plan": "free",
  "feature": "api_calls",
  "resetAt": 1776124800000
}

HTTP Status Codes

CodeDescription
200Success
400Invalid request body or parameters
401Invalid or missing API key
403Invalid public key, unauthorized domain, or plan connection limit
429Rate limit exceeded
500Internal server error

CORS

The Ingest API supports CORS for browser requests. Allowed origins are configured in your tracking settings (Settings -> Website Tracking -> Enabled Domains). 
Access-Control-Allow-Origin: https://your-domain.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-Type

Available Endpoints

POST /api/validate-api-key

Verify that an Outlit API key can authenticate Platform API requests

POST /api/tools/call

Call customer intelligence tools through the public tool gateway

/api/integrations/*

List, connect, poll, disconnect, and inspect integration sync status

POST /events

Send tracking events (pageviews, custom events, identify, engagement, calendar, and stage events)