Appearance
Authentication
Every request must include a Bearer token in the Authorization header:
Authorization: Bearer YOUR_API_TOKENTokens are issued per integration and scoped to a single agency. Contact dev-support@trakk.ai to obtain a token. Specify the IP addresses (or ranges) you wish to have whitelisted.
Rate Limits
Both limits are enforced simultaneously - a request is rejected if either window is exhausted.
By default, each token is limited to 60 requests per minute and 1,000 requests per hour. Custom limits (including unlimited) can be configured per token - contact dev-support@trakk.ai.
The following headers are included on every response:
| Header | Description |
|---|---|
X-RateLimit-Limit | Requests allowed per minute for this token |
X-RateLimit-Remaining | Requests remaining in the current minute window |
Retry-After | Seconds until the window resets (only on 429 responses) |
X-RateLimit-Reset | Unix timestamp when the current window resets (only on 429 responses) |
Hourly limit behaviour
X-RateLimit-Limit and X-RateLimit-Remaining reflect the per-minute window. If the hourly limit is hit instead, Retry-After and X-RateLimit-Reset refer to the hourly window reset time.
Example 429 response:
json
{
"error": {
"code": "rate_limit_exceeded",
"message": "Too many requests. Please slow down."
}
}IP Restrictions
Tokens are generally restricted to a list of allowed IP addresses or CIDR ranges (e.g. 203.0.113.0/24). Requests from unlisted IPs receive a 403 response.
For special cases where all IPs need to be allowed, contact dev-support@trakk.ai.
Token status
A token can have one of two statuses:
| Value | Meaning |
|---|---|
active | Token is valid and usable |
disabled | Token has been deactivated |
You can check your token's current status at any time via GET /me.