API Reference
Authentication
SquirrelStack uses API keys passed via the X-Api-Key header.
There are two key types depending on the endpoint.
Site Key
Used for client-side tracking and chat widget endpoints. Safe to include in front-end code.
your_site_key
Secret Key
Used for server-side endpoints (subscriptions, custom metrics, deals). Keep this private.
your_secret_key
Base URL
https://squirrelstack.app/api/v1/
Request Format
All request and response bodies are JSON. Include these headers with every request:
Content-Type: application/json
X-Api-Key: your_api_key_here
Error Responses
Errors return the appropriate HTTP status code with a JSON body:
{
  "error": "A single error message"
}
// or for validation errors:
{
  "errors": [
    { "entity": "subscription", "index": 0, "message": "..." }
  ]
}
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key |
| 403 | Origin not allowed |
| 404 | Resource not found |
| 422 | Validation error |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Rate Limiting
Some endpoints enforce per-IP rate limits. When exceeded, you'll receive a 429 Too Many Requests response.
| Endpoint | Limit |
|---|---|
| POST /tracking/visits | 30 req/min |
| POST /tracking/events | 60 req/min |
| GET /chat/config | 60 req/min |
| POST /chat/conversations | 5 req/min |
| GET /chat/.../messages | 60 req/min |
| POST /chat/.../messages | 20 req/min |
| POST /monitor/heartbeat/:token | 60 req/min |
| GET /activity | 30 req/min |
| GET /metrics_summary | 30 req/min |
| GET /metrics/web | 30 req/min |
| GET /metrics/web/visits | 30 req/min |
| GET /metrics/web/events | 30 req/min |
| /errors/* | 30 req/min |
| POST /helpdesk/tickets | 10 req/min |
| /crm/list_memberships | 30 req/min |
| POST /projects/:project_id/notices | 100 req/min |
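
The following server-side helper is an added example, not SquirrelStack's own client code. It normalizes the two error body shapes described under Error Responses and retries only on 429, using exponential backoff. The environment variable name SQUIRRELSTACK_SECRET_KEY, the backoff schedule and the send transport callable are assumptions that the page does not specify.

```python
import json
import os
import time

# Meanings copied from the status table above.
STATUS_MEANING = {401: "Missing or invalid API key", 403: "Origin not allowed",
                  404: "Resource not found", 422: "Validation error",
                  429: "Rate limit exceeded", 500: "Internal server error"}


def build_headers(api_key=None):
    """Headers for a server-side call; the secret key comes from the environment."""
    # SQUIRRELSTACK_SECRET_KEY is a hypothetical variable name (assumption).
    api_key = api_key or os.environ.get("SQUIRRELSTACK_SECRET_KEY")
    if not api_key:
        raise ValueError("API key is not set")
    return {"Content-Type": "application/json", "X-Api-Key": api_key}


def parse_error(status, body_text):
    """Normalize both documented error shapes into one list of messages."""
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        body = None  # e.g. an HTML error page from a proxy
    if not isinstance(body, dict):
        body = {}
    messages = []
    if isinstance(body.get("error"), str):
        messages.append(body["error"])
    errors = body.get("errors")
    for item in errors if isinstance(errors, list) else []:
        if isinstance(item, dict):
            where = f'{item.get("entity", "?")}[{item.get("index", "?")}]'
            messages.append(f'{where}: {item.get("message", "")}')
    if not messages:
        messages.append(STATUS_MEANING.get(status, "Unexpected response"))
    return {"status": status, "messages": messages, "retryable": status == 429}


def call_with_retry(send, max_attempts=4, base_delay=1.0, sleep=time.sleep):
    """Run send() -> (status, body_text); back off exponentially on 429 only."""
    for attempt in range(max_attempts):
        status, body_text = send()
        if status < 400:
            return json.loads(body_text) if body_text else None
        err = parse_error(status, body_text)
        if not err["retryable"] or attempt == max_attempts - 1:
            raise RuntimeError(f'{status}: {"; ".join(err["messages"])}')
        sleep(base_delay * 2 ** attempt)
```

Only 429 is retried because a rate-limited request was rejected before processing; 401, 403 and 422 will not succeed on a repeat, and retrying a POST after a 500 risks a duplicate write.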