Inboarddocs

API reference

Public REST endpoints powering the Inboard widget.

Inboard exposes a small public REST API under https://api.inboard.dev/v1. The widget itself talks to these endpoints; you can also call them directly to build a custom integration.

Authentication

The widget uses an embed key (per install template) as a public bearer token. Embed keys are safe to expose in the browser — they grant read-only access to a single install template, scoped to the variables and detection rules you configure.

Authorization: Bearer tpl_abc123

For dashboard/admin operations (creating projects, editing templates, viewing analytics), you'll need an account API key instead — generate one at Settings → API keys. Account keys grant write access; treat them as secrets.

Authorization: Bearer sk_live_xxxxxxxxxxxxxxxx

GET /v1/guides/:embedKey

Returns the rendered install template for the given embed key. Used by the widget on mount.

Query parameters

ParameterDescription
platformOverride platform detection. Slug like wordpress, shopify.
localeBCP 47 language tag. Falls back to template default.
variablesJSON object of pre-filled variables (URL-encoded).

Response

{
  "id": "tpl_abc123",
  "name": "Acme installer",
  "platform": { "slug": "wordpress", "name": "WordPress" },
  "locale": "en",
  "branding": {
    "primaryColor": "#4f76ff",
    "logoUrl": "https://...",
    "name": "Acme"
  },
  "steps": [
    {
      "slug": "add-script",
      "title": "Add the Acme script",
      "body": "Paste the following snippet...",
      "verify": { "type": "script_presence", "selector": "script[src*='acme']" }
    }
  ]
}

POST /v1/events

Reports widget events back to Inboard for analytics. Called automatically by the widget; you can also call it from onStep / onComplete callbacks if you want server-side telemetry.

Body

{
  "embedKey": "tpl_abc123",
  "sessionId": "ses_xyz",
  "event": "step_complete",
  "stepSlug": "add-script",
  "properties": {
    "platform": "wordpress",
    "durationMs": 4321
  }
}

Supported events: template_loaded, step_view, step_complete, template_complete, error.

POST /v1/verify

Runs a server-side verification check (DNS lookup, HTTP ping, script presence).

Body

{
  "embedKey": "tpl_abc123",
  "stepSlug": "add-script",
  "target": "https://acme.com"
}

Response

{
  "ok": true,
  "details": {
    "type": "script_presence",
    "found": true,
    "url": "https://acme.com"
  }
}

Rate limits

EndpointLimit
GET /v1/guides/:key60 requests / minute / key
POST /v1/events600 requests / minute / key
POST /v1/verify30 requests / minute / key
Admin endpoints120 requests / minute / account

Rate-limited requests return 429 Too Many Requests with a Retry-After header.

Errors

All endpoints return JSON errors in this shape:

{
  "error": {
    "code": "embed_key_not_found",
    "message": "No install template with that embed key.",
    "requestId": "req_xyz"
  }
}

Include requestId in any support ticket — it's logged on our side and makes investigations much faster.

On this page