API Reference
The AttributeHQ REST API provides programmatic access to all platform features.
Base URL
https://api.attributehq.com/v1Authentication
The API uses two authentication methods:
| Method | Header | Used By |
|---|---|---|
| JWT Token | Authorization: Bearer <token> | Dashboard, management endpoints |
| API Key | X-API-Key: <key> | SDK endpoints (clicks, installs, events) |
JWT Token
Obtained via POST /api/v1/auth/signup or POST /api/v1/auth/login. Include in the Authorization header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...API Key
Generated via POST /api/v1/apps/:id/keys. Include in the X-API-Key header:
X-API-Key: ak_your_api_keyFor sendBeacon fallback (where headers can’t be set), the API key can also be sent in the request body as _api_key.
Response Format
All endpoints return JSON with this structure:
Success
{
"success": true,
"data": { ... }
}Error
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Human-readable error message",
"details": { ... }
}
}Error Codes
| Status | Code | Description |
|---|---|---|
| 400 | VALIDATION_ERROR | Invalid request body or query params |
| 401 | UNAUTHORIZED | Missing or invalid authentication |
| 403 | FORBIDDEN | Permission denied (e.g., wrong org) |
| 404 | NOT_FOUND | Resource not found |
| 409 | CONFLICT | Resource already exists |
| 429 | RATE_LIMITED | Too many requests |
| 500 | INTERNAL_ERROR | Server error |
Rate Limiting
| Endpoint | Limit |
|---|---|
SDK endpoints (/clicks, /installs, /events) | 100,000 req/sec per API key |
| Dashboard endpoints | 1,000 req/min per user |
Endpoints Overview
| Category | Endpoints |
|---|---|
| Authentication | signup, login, me |
| Apps | CRUD for apps |
| API Keys | Generate and manage API keys |
| Attribution | Click tracking, install attribution, event tracking |
| Analytics | Dashboard KPIs, sources, campaigns, retention, revenue |
| Postbacks | Configure ad network postbacks |
| Webhooks | Configure real-time event webhooks |