Developer platform & API

The REST API

One HTTPS API behind every feature, authenticated with a bearer key.

3 min read · Updated June 28, 2026


Every Stoatify feature is backed by a REST API, and your API key unlocks it. If the app can do it, your code can too.

The basics

  • Base URL: requests go to https://api.stoatify.com/api/....
  • Auth: send your key as Authorization: Bearer sk_....
  • Format: JSON in, JSON out; uploads are multipart form posts.
  • Organization: a key is bound to one org; the SDK and session tokens can target another with an X-Org-Id header.

What you can reach

The full surface: documents (upload, search, update, trash, versions), notes, categories, tags, contacts, custom fields, folders, storage paths, saved views, share links, reminders, webhooks, org and member management, and e-signatures.

  • Rate limits apply per user to writes, uploads, and content, generous for normal use.
  • Errors come back as JSON with a status code; a plan-gated feature returns a clear response saying which plan you need.

Good to know

Endpoints live under /api with no separate version to pin. A quick check: curl -H "Authorization: Bearer sk_..." https://api.stoatify.com/api/documents.

Tip

The CLI and SDK wrap this API so you don't have to hand-roll requests.

Was this article helpful?

Ready to try it?

Open your vault and put this into practice.

Open app