API
Security And Data Model
Understand read-only scope, workspace boundaries, and exported data limits.
The public API is intentionally read-only and workspace-scoped.
Read-only access
API keys can read export resources. They cannot create prompts, run tracking, change recommendations, edit drafts, manage billing, or mutate workspace settings.
Workspace boundary
Every request is authenticated to one workspace. The API only returns rows for that workspace.
Plan history
Exports respect the workspace plan history window. meta.history_start tells
you the earliest effective export time for the request.
Excluded data
The public API does not expose:
- billing internals
- plan quota internals
- raw provider request payloads
- raw provider response payloads
- hidden provider usage payloads
- mutable internal admin endpoints
Safe key handling
Use a separate API key per integration. Revoke keys that are unused, exposed, or owned by a former teammate.