Skip to content

Sniff API calls using Chrome

Inspecting Tallyfy API calls with Chrome DevTools

Section titled “Inspecting Tallyfy API calls with Chrome DevTools”

Tallyfy uses an API-first architecture, which means every action in the web app makes API calls you can inspect. By watching these calls in Chrome DevTools, you can figure out exactly how to replicate them for your own integrations.

  • Chrome browser (latest version recommended)
  • A Tallyfy account with the right permissions
  • Basic understanding of HTTP requests and JSON

When making direct API calls to Tallyfy, you must always include this header:

X-Tallyfy-Client: APIClient
  1. Sign in to Tallyfy in Chrome.
  2. Right-click anywhere on the page and select Inspect to open DevTools.
  3. Click the Network tab.
  4. Make sure recording is active (the red record button should be filled in).
  5. Check Preserve log to keep requests between page navigations.
  6. Check Disable cache for fresh responses.
  7. Clear existing entries by clicking the clear button.
  8. Perform the Tallyfy action you want to analyze - load a template, launch a process, complete a task, etc.
  9. Click the Fetch/XHR filter at the top of the Network panel.
  10. Type /api/ in the filter box to show only Tallyfy API calls.
  11. Click any request in the filtered list to open its details.

In the Headers tab, you’ll find:

  • General info: The full request URL, HTTP method (GET, POST, PUT, DELETE), and status code (200 for success, 400 for client errors, etc.)

  • Request headers: Look for Authorization: Bearer <token>, X-Tallyfy-Client: APIClient, and Content-Type: application/json

  • Response headers: Server metadata, rate limiting info, and caching directives

For POST, PUT, or PATCH requests, click the Payload tab to see what was sent:

  • Form Data shows URL-encoded parameters
  • Request Payload shows the JSON body
  • View Source shows the raw data exactly as sent

To copy the payload:

  1. Click the view source subtab.
  2. Select all the text in the payload area.
  3. Copy it - you can use this exact format in your own API calls.

Check what came back from the server:

  • The Response tab shows raw data
  • The Preview tab shows formatted JSON

Look at the data structure, success/error messages, pagination info, and timestamp formats.

Chrome DevTools Network panel showing a Tallyfy API request payload
HeaderValuePurpose
AuthorizationBearer YOUR_TOKENAuthentication
X-Tallyfy-ClientAPIClientRequired identifier
Content-Typeapplication/jsonRequest format
Acceptapplication/jsonResponse format

To verify you’ve correctly captured a Tallyfy API call:

  1. Copy the endpoint URL, headers, and payload from DevTools.
  2. Recreate the request using Postman, Insomnia, or cURL.
  3. Compare your response with what you saw in DevTools.
  4. Troubleshoot any differences.

Here’s what a typical Tallyfy API call looks like in cURL - this one launches a process from a template:

Terminal window
curl -X POST "https://go.tallyfy.com/api/organizations/{org_id}/runs" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Tallyfy-Client: APIClient" \
-H "Accept: application/json" \
-d '{
"checklist_id": "abc123",
"name": "Test Process"
}'
  1. Right-click on any API request in the Network panel.
  2. Select Copy > Copy as cURL.
  3. Paste it into a terminal or text file - it’ll include all headers and auth tokens automatically.

You can simulate slow connections to test how your integration handles latency. Click the dropdown next to Online in the Network panel and pick a throttling preset.

  • Make sure DevTools is open before you perform the action
  • Enable Preserve log in the Network tab
  • Disable cache and hard-refresh the page
  • Check you’re looking at the correct browser tab
  • Verify the filter text matches part of the API URL
  • Try clicking Fetch/XHR instead of using the text filter
  • Clear all filters to confirm requests exist at all
  • Check that your Tallyfy session is still active
  • Verify the Bearer token hasn’t expired
  • Make sure all required headers are included
  • Confirm your account has permission for the action

If you’re making cross-origin requests from your own app:

  • Watch for OPTIONS preflight requests in DevTools
  • Check the response headers for allowed origins and methods
  • Never share your auth tokens publicly or in screenshots
  • Mask sensitive data before sharing request details
  • Tallyfy logs all API actions in its audit trail

Integrations > Open API

Tallyfy’s REST API gives developers full programmatic access to the same platform features that…