API Reference

Authentication

Most API requests require authentication. Tallyify supports two methods: API keys for server-side integrations and session cookies for browser-based dashboard access. The public catalog endpoints (/models, /compare) need no credentials; write, watchlist and account endpoints require an API key (or a signed-in session).

API Key Authentication

Use your API key in the Authorization header:

Shell
curl -H "Authorization: Bearer tly_live_yourkey" \
  https://api.tallyify.com/v1/track

Getting an API Key

  1. Go to Dashboard - Settings - API Keys
  2. Click Create API Key
  3. Enter a descriptive name, such as Production Server
  4. Copy the key. It is shown only once.

Security: Tallyify API keys authenticate your usage telemetry. Store them in environment variables and never commit them to source control.

API Key Scopes

API keys can be scoped for telemetry, usage, pricing and alert workflows. The default SDK key uses track:write.

Access Levels

PlanAPI AccessKeys LimitHistory
FreeSDK tracking1 key7 days
ProSDK tracking3 keysFull history
TeamLimited API + SDK10 keysFull history
EnterpriseFull API + SDK100 keysUnlimited

Rate Limits

The telemetry ingestion endpoint is rate limited per API key. Other endpoints are governed by fair-use and your plan limits rather than a fixed per-minute quota.

EndpointLimitWindow
POST /v1/track600 req/min per key (configurable)1 minute
Other endpointsFair use

Exceeding the track limit returns 429 with { "error": "Rate limit exceeded" }.

Authentication Errors

JSON
// 401 - missing or invalid key
{ "error": "Missing or invalid Authorization header" }

// 403 - API key limit reached
{ "error": "API key limit reached. Your Free plan allows 1 active API key." }

Best Practices

  • Store API keys in environment variables (process.env.TALLYIFY_API_KEY)
  • Use separate keys per environment, such as development, staging and production
  • Rotate keys regularly and revoke old ones from the dashboard
  • Never log API keys, even partially