API keys & authentication
All URLs below are relative to your site origin with the /api prefix (e.g. https://your-domain.com/api/v1/...).
Create an API key
API keys are created in the developer portal (not via a documented JSON flow here).
- Sign in at the Developer portal.
- Click Create key (or equivalent).
- Choose a name, scopes, and environment (live or test).
- Copy the full secret when it is shown — it is only displayed once. Store it in a password manager or secrets store; never commit it to git.
Keys look like tb_live_... or tb_test_....
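A pre-commit-style check for the "never commit it to git" rule above, as an added example (not part of the original documentation or the service's own tooling): it flags strings shaped like tb_live_ / tb_test_ keys and reports them redacted. The suffix length and character set in the pattern, and the sample keys, are assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Assumption: the part after the prefix is at least 16 characters drawn from
# [A-Za-z0-9_-]. The page only documents the tb_live_ / tb_test_ prefixes.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])tb_(live|test)_[A-Za-z0-9_-]{16,}")


class Finding(NamedTuple):
    line_no: int
    environment: str  # "live" or "test"
    redacted: str     # prefix plus last 4 characters, safe to log


def redact(secret: str) -> str:
    """Keep the environment prefix and the last 4 chars; mask the rest."""
    prefix_len = len("tb_live_")  # both prefixes have the same length
    masked = "*" * (len(secret) - prefix_len - 4)
    return secret[:prefix_len] + masked + secret[-4:]


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per key-shaped string, never the raw secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append(Finding(line_no, m.group(1), redact(m.group(0))))
    return findings


# Constructed sample input: the key-shaped strings below are made up.
SAMPLE = """\
API_BASE=https://your-domain.com/api
API_KEY=tb_live_4f9a1c7e2b8d4a6f9c3e
curl -H "Authorization: Bearer tb_test_0011223344556677aabb" ...
placeholder = "tb_live_xxxx"  # too short to match, like the docs placeholder
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.environment} key {f.redacted}")
```

A finding on a tb_live_ key that has already been pushed should be treated as a leaked secret and the key replaced in the developer portal, since removing it from the file does not remove it from git history.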
Use your API key
Send the raw secret as a Bearer token on every request:
Authorization: Bearer tb_live_your_secret_here
Scopes: each key has an allow-list of scopes. Some routes may require specific scopes. If you use a Supabase session JWT instead of an API key, the API treats that session as full access for scope checks.
Example
curl -sS -H "Authorization: Bearer tb_live_xxxx" \
-H "Content-Type: application/json" \
"https://your-domain.com/api/v1/me"
OpenAPI
Machine-readable definitions: /api/v1/openapi.json (OpenAPI 3.1).
Conventions
- Bodies are application/json.
- Successful payloads are usually { "data": ... }.
- Lists may include pagination: next_cursor (nullable string) and has_more (boolean).