API reference
Public REST endpoints powering the Inboard widget.
Inboard exposes a small public REST API under https://api.inboard.dev/v1. The widget itself talks to these endpoints; you can also call them directly to build a custom integration.
Authentication
The widget uses an embed key (per install template) as a public bearer token. Embed keys are safe to expose in the browser — they grant read-only access to a single install template, scoped to the variables and detection rules you configure.
Authorization: Bearer tpl_abc123
For dashboard/admin operations (creating projects, editing templates, viewing analytics), you'll need an account API key instead — generate one at Settings → API keys. Account keys grant write access; treat them as secrets.
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxx
GET /v1/guides/:embedKey
Returns the rendered install template for the given embed key. Used by the widget on mount.
Query parameters
| Parameter | Description |
|---|---|
| platform | Override platform detection. Slug like wordpress, shopify. |
| locale | BCP 47 language tag. Falls back to template default. |
| variables | JSON object of pre-filled variables (URL-encoded). |
Response
{
"id": "tpl_abc123",
"name": "Acme installer",
"platform": { "slug": "wordpress", "name": "WordPress" },
"locale": "en",
"branding": {
"primaryColor": "#4f76ff",
"logoUrl": "https://...",
"name": "Acme"
},
"steps": [
{
"slug": "add-script",
"title": "Add the Acme script",
"body": "Paste the following snippet...",
"verify": { "type": "script_presence", "selector": "script[src*='acme']" }
}
]
}
POST /v1/events
Reports widget events back to Inboard for analytics. Called automatically by the widget; you can also call it from onStep / onComplete callbacks if you want server-side telemetry.
Body
{
"embedKey": "tpl_abc123",
"sessionId": "ses_xyz",
"event": "step_complete",
"stepSlug": "add-script",
"properties": {
"platform": "wordpress",
"durationMs": 4321
}
}
Supported events: template_loaded, step_view, step_complete, template_complete, error.
POST /v1/verify
Runs a server-side verification check (DNS lookup, HTTP ping, script presence).
Body
{
"embedKey": "tpl_abc123",
"stepSlug": "add-script",
"target": "https://acme.com"
}
Response
{
"ok": true,
"details": {
"type": "script_presence",
"found": true,
"url": "https://acme.com"
}
}
Rate limits
| Endpoint | Limit |
|---|---|
| GET /v1/guides/:key | 60 requests / minute / key |
| POST /v1/events | 600 requests / minute / key |
| POST /v1/verify | 30 requests / minute / key |
| Admin endpoints | 120 requests / minute / account |
Rate-limited requests return 429 Too Many Requests with a Retry-After header.
Errors
All endpoints return JSON errors in this shape:
{
"error": {
"code": "embed_key_not_found",
"message": "No install template with that embed key.",
"requestId": "req_xyz"
}
}
Include requestId in any support ticket — it's logged on our side and makes investigations much faster.
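An added example (not Inboard's own client code) tying together the authentication, query-parameter, rate-limit and error sections above: a request builder that refuses to send anything but an embed key from browser-side code, and a response interpreter that honours Retry-After and surfaces requestId. It assumes keys carry the tpl_ / sk_live_ prefixes shown in the samples and that response headers arrive as a plain object with lowercase names; all function names are hypothetical.

```javascript
// Added example: request builder and response interpreter for the public API.
// Assumption: key prefixes (tpl_, sk_live_) follow the samples on this page.
const BASE = "https://api.inboard.dev/v1";

// Build GET /v1/guides/:embedKey. Rejects anything that is not an embed key,
// so an account key cannot slip into a browser-side code path by mistake.
function buildGuideRequest(embedKey, { platform, locale, variables } = {}) {
  if (typeof embedKey !== "string" || !embedKey.startsWith("tpl_")) {
    throw new Error("expected an embed key (tpl_...); account keys stay server-side");
  }
  const url = new URL(`${BASE}/guides/${encodeURIComponent(embedKey)}`);
  if (platform) url.searchParams.set("platform", platform);
  if (locale) url.searchParams.set("locale", locale);
  // variables is a JSON object; searchParams.set performs the URL-encoding.
  if (variables) url.searchParams.set("variables", JSON.stringify(variables));
  return { url: url.toString(), headers: { Authorization: `Bearer ${embedKey}` } };
}

// Retry-After is either delay-seconds or an HTTP-date. Returns milliseconds to wait,
// or null when the header is absent or unparseable.
function retryAfterMs(value, now = Date.now()) {
  if (value == null) return null;
  const v = String(value).trim();
  if (/^\d+$/.test(v)) return Number(v) * 1000;
  const when = Date.parse(v);
  return Number.isNaN(when) ? null : Math.max(0, when - now);
}

// Normalize a response. `headers` is assumed to be an object with lowercase names.
function interpretResponse(status, headers, bodyText) {
  let body = null;
  try { body = JSON.parse(bodyText); } catch { /* non-JSON body, e.g. from a proxy */ }
  if (status >= 200 && status < 300) return { ok: true, data: body };
  const err = (body && body.error) || {};
  return {
    ok: false,
    status,
    retryMs: status === 429 ? retryAfterMs(headers["retry-after"]) : null,
    code: err.code ?? null,
    message: err.message ?? null,
    requestId: err.requestId ?? null, // log this and quote it in support tickets
  };
}
```

Account-key calls belong in a separate server-side helper that reads the key from the environment or a secret store.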