Welcome to documentation

Make an HTTP Request in the

There are many ways you can make an HTTP request to the API. You can make a raw HTTP request in your code or use a tool like Postman.


Most requests to the REST API must be authenticated. The API uses API keys and HTTP bearer authentication to authenticate requests.

You can view your API keys in the For Developer menu.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

Use your API key by setting it in the headers.

X-API-KEY: the Public key from the For Developer menu

X-API-SECRET: the Secret key from the For Developer menu

To get an HTTP bearer authentication token, authenticate using credentials and exchange the auth_codes_internal for the JWT Bearer token.

With HTTP bearer authentication you work in the user's session, and all of that user's restrictions apply.

Pay attention! HTTP bearer authentication doesn't work without API keys.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

HTTP Methods

The API uses the GET and POST HTTP methods on the various resources.

HTTP Headers

Every request should carry the default headers:

Accept: application/vnd.api+json
Content-Type: application/vnd.api+json

The API is multi-tenant, so every request should carry the X-Domain header:

X-Domain: example

The authorization token is set via the Authorization header:

Authorization: Bearer t318a31a-0bcf-48d1-9350-a6ae499007c0

The API doesn't accept the DELETE method. Instead, set the X-HTTP-METHOD-OVERRIDE header:


The API doesn't accept the PATCH method. Instead, set the X-HTTP-METHOD-OVERRIDE header:


The API doesn't accept the PUT method. Instead, set the X-HTTP-METHOD-OVERRIDE header:


Details on where each method is used are given in the description of each specific request.
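The header rules above, assembled in one place as an added example (not code from the API vendor): it refuses non-HTTPS URLs, always sends the API keys alongside any bearer token, and redacts secrets before headers are logged. The host `api.example.test`, the environment variable names and the key values are placeholders, and it is an assumption that the override header carries the method name and that the request itself is sent as POST.

```python
from urllib.parse import urlsplit

JSON_API = "application/vnd.api+json"
TUNNELLED = {"DELETE", "PATCH", "PUT"}            # not accepted directly, per the page
SECRET_HEADERS = {"x-api-secret", "authorization"}


def prepare_request(method, url, tenant, api_key, api_secret, bearer=None):
    """Return (method_to_send, headers) for one API call."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to attach API credentials to a non-HTTPS URL")
    if not (api_key and api_secret):
        # The bearer token does not work without the API keys.
        raise ValueError("X-API-KEY and X-API-SECRET are required on every request")
    method = method.upper()
    headers = {
        "Accept": JSON_API,
        "Content-Type": JSON_API,
        "X-Domain": tenant,
        "X-API-KEY": api_key,
        "X-API-SECRET": api_secret,
    }
    if bearer:
        headers["Authorization"] = f"Bearer {bearer}"
    if method in TUNNELLED:
        # Assumption: the header value is the intended method, tunnelled over POST.
        headers["X-HTTP-METHOD-OVERRIDE"] = method
        method = "POST"
    return method, headers


def redacted(headers):
    """Copy of the headers that is safe to write to logs."""
    return {k: "<redacted>" if k.lower() in SECRET_HEADERS else v
            for k, v in headers.items()}


if __name__ == "__main__":
    import os
    # Keys come from the environment, never from source control (hypothetical names).
    key = os.environ.get("EXAMPLE_API_KEY", "pk-placeholder")
    secret = os.environ.get("EXAMPLE_API_SECRET", "sk-placeholder")
    verb, hdrs = prepare_request("DELETE", "https://api.example.test/items/1",
                                 "example", key, secret)
    print(verb, redacted(hdrs))
```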

Status Codes

As you make requests, you'll see responses indicating what's happening on the server side. The following is a list of common status codes you'll see in responses from the API and what they mean.

| Status Code | Meaning | Description |
|---|---|---|
| 200 | OK | Everything worked as expected. |
| 201 | CREATED | The request was successful, we created a new resource, and the response body contains the representation. This should only appear for POST requests. |
| 401 | UNAUTHORIZED | The client request has not been completed because it lacks valid authentication credentials for the requested resource. |
| 403 | FORBIDDEN | The supplied credentials are insufficient to access the resource. |
| 404 | NOT FOUND | The requested resource doesn't exist. |
| 422 | UNPROCESSABLE | The server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions. |
| 500 | SERVER ERROR | We couldn't return the representation due to an internal server error. |

Rate Limits

The Trisk API employs a number of safeguards against bursts of incoming traffic to help maximize its stability. An integration that sends many requests in quick succession may see error responses with status code 429.

For all APIs, Trisk allows up to 600 requests within a one-hour time frame per Developer License (API key). Concurrent connections are not limited at this time. We reserve the right to reduce limits to prevent abuse without additional notice or increase limits to enable high-traffic applications. Any material changes to limits are communicated in advance via email.

HTTP headers and response codes

You can use the HTTP headers to see where the integration stands against a given rate limit.

X-RateLimit-Limit: the rate limit ceiling

X-RateLimit-Remaining: the number of requests left for the 60-minute window

X-RateLimit-Reset: the remaining window before the rate limit resets, in UTC epoch seconds

Retry-After: the number of seconds before the hold will be released
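A client-side pacing helper built on the four headers above, as an added example rather than vendor code. The description of X-RateLimit-Reset can be read as either an epoch timestamp or a count of seconds remaining, so the helper accepts both (an assumption); the 60-second fallback and the one-hour cap on any server-supplied wait are also choices made for this example.

```python
import time

WINDOW = 3600      # the one-hour rate-limit window, in seconds
FALLBACK = 60      # assumed wait when a 429 carries no usable header


def _int(headers, name):
    """Case-insensitive header lookup; returns a non-negative int or None."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            try:
                return max(int(str(value).strip()), 0)
            except ValueError:
                return None        # malformed value: treat as absent
    return None


def until_reset(headers, now):
    """Seconds until the window reopens, clamped to 0..WINDOW, or None."""
    reset = _int(headers, "X-RateLimit-Reset")
    if reset is None:
        return None
    # Assumption: values above 10**9 are epoch timestamps, smaller ones are deltas.
    delta = reset - int(now) if reset > 10**9 else reset
    return min(max(delta, 0), WINDOW)


def seconds_to_wait(status, headers, now=None):
    """How long to pause before the next request to this API."""
    now = time.time() if now is None else now
    remaining = _int(headers, "X-RateLimit-Remaining")
    reset_in = until_reset(headers, now)
    if status == 429:
        retry_after = _int(headers, "Retry-After")
        if retry_after is not None:
            return min(retry_after, WINDOW)   # never stall longer than one window
        return reset_in if reset_in is not None else FALLBACK
    if remaining == 0 and reset_in is not None:
        return reset_in                       # budget spent: hold until reset
    if remaining and reset_in:
        return reset_in / remaining           # spread the remaining budget evenly
    return 0
```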

Errors

The API uses conventional HTTP response codes to indicate the success or failure of an API request.

  • Codes in the 2xx range indicate success.
  • Codes in the 4xx range indicate a request that failed given the information provided (e.g., a required parameter was omitted, etc.).
  • Codes in the 5xx range indicate an error with the servers.

Link Builder Examples

Each request can contain include and fields as GET parameters.

  • include: (string). Accepts ?include=* for all nested relationships. For a specific relationship, use ?include=relation_name. For nested relationships, use dot notation (?include=relationship1.relationship1.1). For multiple relationships, use ?include=relationship_one,relationship_two

  • fields: (array[string]). By default, the response contains all object fields. Accepts fields[relationship_name]=field_one,field_two, or for multiple relationships fields[relation_ship_one]=field_one,field_two&fields[relation_two]=field_three

  • filter: (array[string]). By default, the response contains all object fields. Accepts filter[property]=value, multiple filters as filter[property_one]=value&filter[property_two]=another value, or a search (not strict compliance) as filter[property_one][contains]=value
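A builder for the include, fields and filter parameters listed above, as an added example rather than vendor code. It percent-encodes filter values and rejects relationship or property names that could smuggle extra parameters into the query when they originate from user input; the allowed name pattern and the sample names (`owner`, `tasks`, `status`, `title`) are assumptions.

```python
import re
from urllib.parse import quote

# Assumed shape of a relationship/property name, with dot notation for nesting.
NAME = re.compile(r"[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)*")
OPERATORS = {"contains"}          # the only filter operator the page documents


def _name(value):
    """Reject names containing brackets, '&', '=' or other query syntax."""
    if not NAME.fullmatch(value):
        raise ValueError(f"unsafe parameter name: {value!r}")
    return value


def build_query(include=None, fields=None, filters=None):
    """Return the query string ('' when empty) for a Link Builder request."""
    parts = []
    if include:
        rels = [r if r == "*" else _name(r) for r in include]
        parts.append("include=" + ",".join(rels))
    for relation, columns in (fields or {}).items():
        cols = ",".join(_name(c) for c in columns)
        parts.append(f"fields[{_name(relation)}]={cols}")
    for prop, condition in (filters or {}).items():
        key = f"filter[{_name(prop)}]"
        if isinstance(condition, tuple):          # (operator, value) pair
            operator, condition = condition
            if operator not in OPERATORS:
                raise ValueError(f"unsupported filter operator: {operator!r}")
            key += f"[{operator}]"
        # safe="" encodes '&', '=', '#' and spaces so a value cannot add parameters.
        parts.append(key + "=" + quote(str(condition), safe=""))
    return "?" + "&".join(parts) if parts else ""
```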

Pay attention! All IDs and credentials in the documentation are examples. To work with the system, you should use actual data.