API Reference Overview
The API Reference documents every endpoint across all smplkit services. Use the navigation above to browse endpoints by product, or use the built-in "Try It" client to test calls directly from the docs.
The platform exposes five service surfaces:
- Platform — accounts, users, environments, services, contexts, API keys, subscriptions, payment methods. Hosted at
app.smplkit.com. - Audit — append-only change-history log for both smplkit-emitted and customer-emitted events. Hosted at
audit.smplkit.com. - Config — application configuration with parent-based inheritance and environment overrides. Hosted at
config.smplkit.com. - Flags — feature flags with rules-based targeting per environment. Hosted at
flags.smplkit.com. - Logging — runtime log-level control. Hosted at
logging.smplkit.com.
Most developers interact with smplkit through an SDK. The REST API is available for languages without an SDK, automation scripts, and infrastructure-as-code tools.
Authentication
All API requests require a Bearer token in the Authorization header:
Authorization: Bearer sk_api_your_key_hereAPI keys are created in the developer console at app.smplkit.com under API Keys. A single API key provides access to all smplkit products within your account.
Conventions
All smplkit APIs follow the JSON:API specification (v1.1).
Request Format
json
{
"data": {
"type": "resource_type",
"attributes": {
"name": "value"
}
}
}Status Codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Resource created |
204 | Resource deleted |
400 | Validation error |
401 | Invalid authentication |
403 | Not authorized |
404 | Not found |
409 | Conflict |
Error Format
json
{
"errors": [
{
"status": "400",
"title": "Validation Error",
"detail": "Field required",
"source": { "pointer": "/data/attributes/name" }
}
]
}Security Best Practices
- Store API keys in environment variables — never commit them to source control
- Rotate keys periodically using the console
- Revoke compromised keys immediately