API Reference Overview
Estimated reading time: 10 minutes
The clariBI API lets you programmatically access your data sources, dashboards, reports, and analytics. This page covers the basics you need to get started.
Base URL
https://claribi.com/api/All API endpoints are relative to this base URL.
Authentication
Two authentication methods are supported:
JWT Tokens
Obtain a token by posting credentials to /api/auth/login/. Include the token in subsequent requests:
Authorization: Bearer eyJ0eXAiOiJKV1Qi...JWT tokens expire after 1 hour. Use the refresh token (valid 7 days) to get a new access token without re-authenticating.
API Keys
Generate API keys from Settings > Developer > API Keys. Include in requests as:
Authorization: Bearer claribi_key_abc123...API keys can be set to expire after 30 days, 90 days, or 1 year, or configured to never expire. They can be revoked at any time. Keys inherit the permissions of the user who created them.
See Authentication for full details.
Rate Limit Headers
Every API response includes the following headers so your application can track its throttle state:
| Header | Description | Example |
|---|---|---|
X-RateLimit-Limit |
Maximum requests allowed in the current window | 1000 |
X-RateLimit-Remaining |
Requests remaining in the current window | 847 |
X-RateLimit-Reset |
Unix timestamp (seconds) when the window resets | 1712444400 |
When the limit is exceeded, the API returns HTTP 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.
Per-Tier Rate Limits
Limits are enforced per API key (or per user session for JWT) on a rolling one-hour window.
| Tier | General Endpoints | Generation Endpoints |
|---|---|---|
| Trial | 60 requests/hour | 10 requests/hour |
| Starter | 300 requests/hour | 30 requests/hour |
| Professional | 1,000 requests/hour | 100 requests/hour |
| Enterprise | 5,000 requests/hour | 500 requests/hour |
Generation endpoints (e.g., POST /api/v1/reports/generate/) consume AI credits and have lower rate limits. All other endpoints use the general limit.
Tip
Monitor X-RateLimit-Remaining in your integration and back off before hitting zero to avoid 429 errors.
Error Response Format
All error responses use a consistent JSON structure:
{
"error": {
"message": "Human-readable description",
"code": "machine_readable_code",
"details": {}
}
}| Field | Type | Description |
|---|---|---|
error.message |
string | A human-readable explanation of the error |
error.code |
string | A stable machine-readable error code (e.g., not_found, rate_limited, invalid_scope) |
error.details |
object | Optional additional context, such as field-level validation errors |
Common Error Codes
| HTTP Status | Code | Meaning |
|---|---|---|
| 400 | validation_error |
Request body failed validation. Check error.details for field-level errors. |
| 401 | authentication_required |
Missing or invalid API key / JWT token. |
| 403 | insufficient_permissions |
The key does not have the required scope, or the user role lacks access. |
| 403 | invalid_scope |
The API key does not include the scope required for this endpoint. |
| 404 | not_found |
The requested resource does not exist. |
| 429 | rate_limited |
Rate limit exceeded. Wait until X-RateLimit-Reset before retrying. |
| 500 | internal_error |
An unexpected server error occurred. Contact support if it persists. |
Example: Validation Error
{
"error": {
"message": "Invalid request parameters",
"code": "validation_error",
"details": {
"name": ["This field is required."],
"scopes": ["'reports:write' is not a valid scope."]
}
}
}Example: Rate Limit Exceeded
HTTP/1.1 429 Too Many Requests
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1712444400
Retry-After: 1200
{
"error": {
"message": "Rate limit exceeded. Try again in 1200 seconds.",
"code": "rate_limited",
"details": {}
}
}Response Format
All successful responses return JSON with HTTP 200 or 201. List endpoints return paginated results (see Pagination below).
Complete Endpoint Reference
The external API uses the /api/v1/ prefix. All endpoints require Bearer token authentication unless noted otherwise.
Authentication & Usage
| Endpoint | Description | Scope |
|---|---|---|
GET /api/v1/auth/verify/ | Verify API key and return org/tier info | any valid key |
GET /api/v1/usage/ | View AI credit usage (used, limit, remaining) | usage:read |
Reports
| Endpoint | Description | Scope |
|---|---|---|
GET /api/v1/reports/ | List reports (paginated, filterable) | reports:read |
GET /api/v1/reports/{id}/ | Get report details | reports:read |
POST /api/v1/reports/generate/ | Generate a new report with AI analysis (synchronous, ~30-60s) | reports:generate |
GET /api/v1/reports/{id}/download/ | Download the generated report file | reports:read |
DELETE /api/v1/reports/{id}/ | Delete a report | reports:delete |
POST /api/v1/reports/{id}/public-link/ | Generate or return a public share URL | reports:share |
DELETE /api/v1/reports/{id}/public-link/ | Revoke the public share link | reports:share |
Dashboards
| Endpoint | Description | Scope |
|---|---|---|
GET /api/v1/dashboards/ | List dashboards (paginated, filterable) | dashboards:read |
POST /api/v1/dashboards/ | Create a new dashboard | dashboards:create |
GET /api/v1/dashboards/{id}/ | Get dashboard details with widgets | dashboards:read |
PATCH /api/v1/dashboards/{id}/ | Update dashboard name, description, or config | dashboards:update |
DELETE /api/v1/dashboards/{id}/ | Delete a dashboard | dashboards:delete |
POST /api/v1/dashboards/{id}/refresh/ | Refresh dashboard data with AI re-analysis | dashboards:refresh |
POST /api/v1/dashboards/{id}/public-link/ | Generate or return a public share URL | dashboards:share |
DELETE /api/v1/dashboards/{id}/public-link/ | Revoke the public share link | dashboards:share |
Data Sources
| Endpoint | Description | Scope |
|---|---|---|
GET /api/v1/data-sources/ | List active data sources (paginated, filterable) | data_sources:read |
GET /api/v1/data-sources/{id}/ | Get data source details | data_sources:read |
Goals
| Endpoint | Description | Scope |
|---|---|---|
GET /api/v1/goals/ | List goals (filterable by hierarchy_type, status) | goals:read |
GET /api/v1/goals/{id}/ | Get goal details with milestones and AI insights | goals:read |
GET /api/v1/goals/{id}/progress/ | Get progress snapshot | goals:read |
Filtering & Sorting
List endpoints support these query parameters:
| Parameter | Description | Example |
|---|---|---|
?status= | Exact match | ?status=active |
?name= | Case-insensitive substring | ?name=revenue |
?created_after= | ISO date lower bound | ?created_after=2026-01-01 |
?created_before= | ISO date upper bound | ?created_before=2026-03-31 |
?ordering= | Sort field (prefix - for desc). Default: -created_at | ?ordering=-name |
Pagination
List endpoints return paginated results. Default page size 20, max 100.
GET /api/v1/reports/?page=2&page_size=50OpenAPI Spec & Swagger UI
Machine-readable spec and interactive docs are publicly accessible (no auth required):
| URL | Format |
|---|---|
GET /api/v1/schema/ | OpenAPI 3.0 YAML |
GET /api/v1/docs/ | Swagger UI |
System Health Endpoint
A public, unauthenticated endpoint that reports the real-time status of clariBI's core services. No API key required.
| Endpoint | Description |
|---|---|
GET /api/monitoring/health/ | Quick check — DB, Redis, and Celery worker status (~50ms) |
GET /api/monitoring/health/?level=summary | Same checks with per-service breakdown |
GET /api/monitoring/health/?level=detailed | Full system check including data sources, system resources, and external APIs (~2s) |
The quick check returns:
{
"overall_status": "healthy", // healthy | warning | critical
"timestamp": "2026-04-11T...",
"version": "1.0.0"
}overall_status is the worst status across all checked services. Returns HTTP 503 when critical — load balancers and uptime monitors can use this directly.
The status indicator in the site footer reads from this endpoint in real time.
Next Steps
Ready to try clariBI?
Start your free 14-day trial. No credit card required.