Skip to main content
The Tightknit API follows designs of REST, using clear, resource-based URLs. It supports form-encoded request bodies, returns responses in JSON format, and uses on standard HTTP methods, response codes, and authentication practices.

Endpoint

Tightknit’s REST API endpoint is: 
https://api.tightknit.ai

Authentication

API Keys

To understand how to create and manage your API keys, see API Keys. To authenticate your requests, you need to pass the API key with header: Authorization: <YOUR_API_KEY> 
curl https://api.tightknit.ai/admin/v0/... \
  --request POST \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer <YOUR_API_KEY>" \
  --data '{ ... }'

Idempotency

The API supports idempotency for safely retrying mutating requests (e.g., PATCH, POST) without causing duplicate side effects. To use idempotency, include the Idempotency-Key header with a UUIDv4 value for each distinct operation: 
curl https://api.tightknit.ai/admin/v0/... \
  --request PATCH \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer <YOUR_API_KEY>" \
  --header "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000" \
  --data '{ ... }'
  • If a request with the same key has already completed, the API returns the cached response with an X-Idempotent-Replayed: true header.
  • If a request with the same key is still being processed, the API returns 409 Conflict with a Retry-After header.
  • Cached responses expire after 1 hour.
  • The key must be a valid UUIDv4 (e.g., generated via crypto.randomUUID()). Invalid formats return 400 Bad Request.
  • The header is opt-in — requests without it are processed normally.
  • Safe methods (GET, HEAD, OPTIONS) ignore the header.

Plan Requirements

Some API endpoints are only available on specific pricing plans (Growth, Momentum, or Enterprise). Endpoints with plan restrictions note the minimum required plan in their description. If you call a plan-restricted endpoint without the required plan, the API returns 403 Forbidden.

Rate Limits

When authenticated using a developer API keys may not exceed 50 requests per second across all APIs.