API

API authentication and core endpoints

Authenticate server-side requests with scoped API keys. User-session routes require a browser session and organization membership, but API-key calls derive organization scope from the key and must not trust submitted organization IDs.

Authorization: Bearer eventstack_...
x-eventstack-environment: production
x-eventstack-idempotency-key: deploy-api-2026-06-07
Content-Type: application/json

Core routes

POST /events
GET /events/:id/trace
GET /workflows/query
POST /replay
GET /organizations/{organization_id}/api-keys
GET /organizations/{organization_id}/billing
GET /organizations/{organization_id}/failed-events
GET /organizations/{organization_id}/dead-letters

Error shape

API errors use structured JSON with an error code, public message, optional details, and correlation identifiers where available. Do not parse private server log details from public responses.