Stackle provides an external REST API that allows organisations and users to programmatically access their data. The API uses OAuth 2.0 Client Credentials for authentication and returns JSON responses.
- OAuth Clients — each API integration is represented by an OAuth client with a unique client_id and client_secret. Clients can be owned by a user or an organisation.
- Access Tokens — short-lived bearer tokens obtained by exchanging your client credentials. Tokens expire after 1 hour.
- Scopes — control what an access token can do. Currently supported scopes: read and write.
- Rate Limiting — each client has a token-bucket rate limit to prevent abuse. Rate limit headers are included in every response.

All API endpoints are prefixed with /api/v1/. The OAuth token endpoint is at /api/v1/oauth/token and resource endpoints are under /api/v1/external/.
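
The following client-side token cache is an added example, not Stackle's own code: it requests only the scopes it needs, refuses to send the client_secret over plain HTTP, and reuses one token until shortly before the 1-hour expiry instead of requesting a new one per call. The page does not specify the request or response format, so HTTP Basic client authentication, the form body, and the access_token and expires_in fields are assumed from RFC 6749; the class name, the 60-second skew and the injectable transport and clock are hypothetical.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import quote_plus, urlencode

TOKEN_PATH = "/api/v1/oauth/token"  # token endpoint path given on the page
ALLOWED_SCOPES = {"read", "write"}  # the two scopes the page lists
DEFAULT_TTL = 3600                  # page: tokens expire after 1 hour


def http_post(url, headers, body):
    """Default transport: POST and return the parsed JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class TokenCache:
    """Requests a bearer token once and reuses it until just before expiry."""

    def __init__(self, base_url, client_id, client_secret, scopes=("read",),
                 transport=http_post, clock=time.monotonic, skew=60):
        if not base_url.startswith("https://"):
            raise ValueError("refusing to send client_secret without TLS")
        unknown = set(scopes) - ALLOWED_SCOPES
        if unknown:
            raise ValueError(f"unsupported scopes: {sorted(unknown)}")
        self._url = base_url.rstrip("/") + TOKEN_PATH
        # Assumption: HTTP Basic client authentication (RFC 6749 section 2.3.1).
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        self._auth = "Basic " + base64.b64encode(pair.encode()).decode()
        # Assumption: standard form body (RFC 6749 section 4.4.2).
        self._body = urlencode({"grant_type": "client_credentials",
                                "scope": " ".join(scopes)}).encode()
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer(self):
        """Return the Authorization header value, refreshing only when due."""
        if self._token is None or self._clock() >= self._expires_at:
            headers = {"Authorization": self._auth,
                       "Content-Type": "application/x-www-form-urlencoded"}
            reply = self._transport(self._url, headers, self._body)
            self._token = reply["access_token"]  # RFC 6749 section 5.1 field
            ttl = int(reply.get("expires_in", DEFAULT_TTL))
            self._expires_at = self._clock() + max(ttl - self._skew, 0)
        return "Bearer " + self._token
```

Pass the returned value as the Authorization header on requests under /api/v1/external/; the default scope is read only, so write has to be requested explicitly.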