Base URL
Authentication
All API requests require JWT authentication. The flow involves:- Challenge - Obtain a signed challenge from the server
- Verify - Submit the challenge with your credentials
- Token - Receive JWT access and refresh tokens
Rate Limits
| Plan | Requests/minute | Requests/day |
|---|---|---|
| Free | 60 | 1,000 |
| Pro | 300 | 50,000 |
| Enterprise | 1,000 | Unlimited |
X-RateLimit-Limit- Maximum requests per windowX-RateLimit-Remaining- Requests remainingX-RateLimit-Reset- Unix timestamp when the window resets
Request Format
All requests must include:Authorization: Bearer <access_token>headerContent-Type: application/jsonfor POST/PUT
Response Format
Successful responses:API Versioning
The API uses URL versioning (/v1/). Backward-incompatible changes are released as new versions.
The GraphQL API is available at
https://api.consuelohq.com/graphql and uses
the same authentication.