Skip to content

Open API

The Tallyfy REST API lets developers build custom integrations with core platform features through code.

Tallyfy’s “API-first” approach means the public API gives you the same functionality that powers our web app. Everything we’ve built for ourselves, you get too. We depend on these APIs just as much as you do - so they’re stable and well-maintained. As an independent platform committed to data portability, we ensure you always have full programmatic access to your workflows and data.

EnvironmentBase URLDocumentation
Productionhttps://go.tallyfy.com/api/Tallyfy API reference

Tallyfy provides three authentication methods for API access:

  1. User token authentication - Get a token for a specific Tallyfy user (from their profile or through the API). Your app works with that user’s exact permissions.
    • Note: Personal access tokens are invalidated when users log out. For long-running automations, use application tokens instead.
  2. Application token authentication - Get app-level credentials (client ID and secret) so your application can act on behalf of multiple users. Ideal for server-to-server connections.
  3. OAuth authentication flow - The industry-standard way to let users grant your app access to their Tallyfy data without sharing passwords. Recommended for third-party apps. Learn more.

Every API request must include these headers:

Authorization: Bearer {your_access_token}
Accept: application/json
X-Tallyfy-Client: APIClient

The API provides access to core Tallyfy features:

CategoryOperations
Process managementLaunch processes, monitor status, cancel runs
Task operationsComplete tasks, update form data, manage comments
User managementCreate/manage users, configure roles and permissions
Template controlCreate/update templates, manage steps and form fields
Data exportExport process data, retrieve reporting information
File managementUpload files, manage attachments

Tallyfy API responses follow standard conventions:

  • All data returns as JSON.
  • Standard HTTP status codes indicate outcomes (200 for success, 4xx/5xx for errors).
  • Error responses include clear error messages.
  • List endpoints support pagination.

Tallyfy limits how fast you can call the API at two layers. When you cross a limit, the API returns HTTP 429 with a Retry-After header telling you how many seconds to wait before retrying.

  • Burst protection: rapid bursts of requests from one user or IP address get throttled for a few seconds at a time. Spread out bulk operations instead of firing them all at once.
  • Hourly caps per organization: actions that send email to people outside your organization have hourly caps. By default, guest invites (including mentions of new email addresses in comments) allow 30 per hour, and comment posting allows 120 per hour, per organization.

Hourly-cap responses include code: "RATE_LIMIT_EXCEEDED" in the JSON body:

{
"message": "You've reached the hourly limit for Guest Invite (30 per hour per organization). Please try again later.",
"code": "RATE_LIMIT_EXCEEDED"
}

Wait the number of seconds given in Retry-After, then retry. If you’re hitting limits regularly, implement caching or batching - and contact support for high-volume use cases.

  1. Get your API credentials - Find your API keys/tokens at Settings > Integrations > REST API in Tallyfy.
  2. Read the API docs - Browse the official API reference for endpoint details.
  3. Check code examples - See practical examples on Tallyfy’s GitHub repo in various programming languages.