Build integrations, connect AI workflows, and manage projects programmatically.
All data endpoints use Bearer token authentication. Generate an API key from your , then include it in every request:
curl -H "Authorization: Bearer tql_live_YOUR_KEY" \ https://traqlinkr.io/api/v1/projects
API keys start with tql_live_ and are shown once at creation. Keep them secret.
For POST requests that create resources, include an Idempotency-Key header to safely retry without creating duplicates:
curl -H "Authorization: Bearer tql_live_..." \
-H "Idempotency-Key: my-unique-request-id" \
-d '{"name": "My Project"}' \
https://traqlinkr.io/api/v1/projectsIdempotent-Replayed: true headerPOST /api/v1/projects and POST /api/v1/batchEvery webhook delivery includes an X-TraqLinkr-Signature header for verification. The format is t=timestamp,v1=hmac.
// Node.js verification example
const crypto = require('crypto');
function verify(payload, signature, secret) {
const [tPart, vPart] = signature.split(',');
const timestamp = tPart.split('=')[1];
const expected = crypto
.createHmac('sha256', secret)
.update(timestamp + '.' + payload)
.digest('hex');
return vPart.split('=')[1] === expected;
}project.created, track.created, step.updated, share.created, share.revoked| Plan | Per Minute | Per Day | Keys | Batch | Webhooks |
|---|---|---|---|---|---|
| Free | No API access | ||||
| Basic | 30 | 1,000 | 1 | — | — |
| Pro | 120 | 10,000 | 5 | ✓ | 5 |
Rate-limited responses return 429 with a Retry-After header.
| Status | Meaning |
|---|---|
| 400 | Invalid request body or missing required fields |
| 401 | Missing, invalid, or revoked API key |
| 403 | Plan limit reached or feature not available on your plan |
| 404 | Resource not found or not owned by you |
| 409 | Idempotency key conflict (used for a different request) |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
The TraqLinkr API is versioned. All current endpoints use /api/v1/.
All plan limits (max projects, tracks, steps) apply to API requests the same as in the app.