Collecta
Book a demo
Tour the whole platform
One system for your entire operation.
Explore
All systems operational
System status
Live uptime & incident history
PlatformModulesAI AgentAutomationIntegrations & IoTSecurityMobile appPlansDocsStatusCompanyBook a demo
API

A REST API for your
whole operation.

A scoped REST API with per-key permissions. Authenticate with a Bearer token, read and write your modules programmatically, and watch every call in usage tracking and access logs.

Book a demoRead the docs
Endpoints

Predictable, resource-shaped routes.

GET/api/modules/:id/records
POST/api/modules/:id/records
GET/api/modules/:id/records/:recordId
PATCH/api/modules/:id/records/:recordId
DELETE/api/modules/:id/records/:recordId
GET/api/modules

Request & response

Authenticate with a Bearer token. List endpoints return a paginated { data, total } envelope.

GET /api/modules/:id/records?page=1&limit=20
Authorization: Bearer osc_live_…
200 OK
{
"data": [ … ],
"total": 248
}
Open the docs
API keys & scopes

Least-privilege by design.

Scoped per key

Issue as many keys as you need. Each is scoped per module with read, write and delete permissions — a key only touches the data it should.

Per-minute rate limits

Set a configurable per-minute request limit on every key, with an optional expiry date so short-lived integrations can't outlive their welcome.

Usage & access logs

Every call is tracked. Inspect per-key usage and full access logs to monitor traffic, debug integrations and audit who touched what.

Rate limits & usage

Predictable limits, full visibility.

Each key carries a configurable per-minute rate limit and an optional expiry. Usage is tracked per key alongside complete access logs, so you can monitor traffic, debug integrations and rotate or revoke a key the moment something looks off.

429 Too Many Requests
{
"error": "rate_limited",
"limit": 120,
"retry_after": 14
}
FAQ

API questions

Every request carries an API key as a Bearer token in the Authorization header (for example, osc_live_…). Keys are issued per tenant and never expire unless you set an optional expiry. Each request is scoped to the permissions granted to that key.
Yes. Each API key has a configurable per-minute rate limit. Usage is tracked per key with full access logs, so you can monitor traffic, spot anomalies and rotate or revoke keys at any time.
Keys are scoped per module with read, write and delete permissions, so a key only touches what it should. AI is separate from the REST API and is included on every plan — you can bring your own Anthropic key (BYOK) at the tenant level if you prefer.

Build on Collecta.

Tell us what you want to connect — we'll get you a key, scopes and a guided walkthrough of the API.

Book a demo Read the docs