API Reference

The cStar API is organized around REST. It accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

Authentication

Authenticate API requests by including your API key in the Authorization header as a Bearer token. You can manage API keys from the CLI or your team settings.

curl -H "Authorization: Bearer sk_live_your_key" \
			  https://app.cstar.help/api/v1/teams/{teamId}/tickets

Secret

sk_live_* / sk_test_*

Full read/write access. Keep server-side only — never expose in client code.

Publishable

pk_live_* / pk_test_*

Read-only access. Safe for frontend apps, widgets, and public-facing code.

Base URL

https://app.cstar.help/api/v1/teams/{teamId}

All endpoints are scoped to your team. Replace {teamId} with your team's UUID (found in team settings or via cstar status).

Errors

cStar uses conventional HTTP status codes. Codes in the 2xx range indicate success, 4xx indicate a client error, and 5xx indicate a server error.

200 OK — Request succeeded

201 Created — Resource created successfully

400 Bad Request — Missing or invalid parameters

401 Unauthorized — Invalid or missing API key

403 Forbidden — Key lacks required permissions

404 Not Found — Resource doesn't exist

429 Rate Limited — Too many requests

500 Server Error — Something went wrong on our end

Error response shape

{
			  "error": {
			    "code": "parameter_missing",
			    "message": "title is required",
			    "param": "title"
			  }
			}

Rate Limits

The API is rate-limited per key. Limits are returned in response headers. When exceeded, requests return 429 with a retryAfter value in the error body.

Secret keys 120 requests / minute

Publishable keys 60 requests / minute