This page will guide you through how to interact with the ALLY API, what data you can access, and the best practices for building powerful, context-aware integrations.

Authentication

Ally API uses Bearer Token Authentication to authorize all requests. To interact with the API, you’ll need to include your Secret API Key in the Authorization header of every request. This key is a secure JSON Web Token (JWT) and should be stored safely on your backend — never expose it on the client side. Example: 
  curl -X GET "https://api.ally.com/v1/users"
Key Guidelines:
  • Your Secret API Key grants full access — keep it secure and private.
  • You can manage and regenerate your keys anytime via the Ally Developer Dashboard.

Requests

The Ally API accepts both POST and GET requests. To ensure successful communication, all requests must meet the following requirements:
  • The Authorization header must include your Secret API Key as a Bearer token
  • The Content-Type header must be set to application/json
  • The request body (for POST requests) must be valid JSON

Rate Limiting

Ally enforces a limit of 60 requests per minute. If you exceed this rate, the API will respond with a 429 Too Many Requests error. Consider implementing retries with exponential backoff in your integration.