API Reference

API Overview

The StackFlow REST API provides programmatic access to all platform capabilities. The API base URL is https://<your-instance>.stackflow-tech.com/prod/api/ (fronted by CloudFront and API Gateway uazcuhdus2). All endpoints accept and return JSON. API versioning is handled via URL prefix (current version: /prod/api/v1/, with backward-compatible /prod/api/ aliases).

⚙️ Minimum Requirements

API Gateway: REST API uazcuhdus2 with Lambda proxy integration to StackFlowAPI
JWT Auth: Valid Cognito token from pool us-east-1_WKK1AVJ2m required in Authorization: Bearer header
Rate Limit: API Gateway throttling at 10,000 RPS burst; implement exponential backoff in API clients
CORS: Access-Control-Allow-Origin configured for *.stackflow-tech.com origins

Base URL: https://your-instance.stackflow-tech.com/prod/api/
API Gateway ID: uazcuhdus2
Region: us-east-1
Format: JSON (application/json)
Auth: Bearer token (Cognito JWT)

Authentication

All API calls require a valid Cognito JWT Bearer token in the Authorization header. Obtain a token via the Cognito hosted UI OAuth flow or direct API key exchange. Service accounts should use API keys (configurable in My Profile → API Keys), which are exchanged for short-lived JWTs automatically by the SDK.

export TOKEN=$(curl -s -X POST   https://stackflow-identity-373544523367.auth.us-east-1.amazoncognito.com/oauth2/token   -H "Content-Type: application/x-www-form-urlencoded"   -d "grant_type=client_credentials&client_id=570cnagpgoochn29a113du6jnt&client_secret=$CLIENT_SECRET" | jq -r '.access_token')

curl https://your-instance.stackflow-tech.com/prod/api/incidents   -H "Authorization: Bearer $TOKEN"

Core Endpoints

Resource	Method	Endpoint	Description
Incidents	GET	`/incidents`	List incidents (filterable)
Incidents	POST	`/incidents`	Create incident
Incidents	GET	`/incidents/{id}`	Get incident detail
Incidents	PATCH	`/incidents/{id}`	Update incident fields
Changes	GET	`/changes`	List changes
Changes	POST	`/changes`	Create change
CMDB	GET	`/cmdb/cis`	List CIs (filterable)
KB Articles	GET	`/knowledge/articles`	List/search articles
AI	POST	`/ai/query`	AI copilot query
Health	GET	`/health`	API health check

Pagination

List endpoints use cursor-based pagination via cursor and limit query parameters. The response includes a next_cursor field if more results are available. Default page size is 25, maximum is 200.

curl "https://your-instance.stackflow-tech.com/prod/api/incidents?limit=50&cursor=CURSOR_TOKEN"   -H "Authorization: Bearer $TOKEN"
# Response: {"data": [...], "next_cursor": "abc123...", "total": 1250}

Rate Limiting

API rate limits are enforced at the API Gateway level: 5,000 RPS steady-state, 10,000 RPS burst. Per-user limits are 100 requests/second. Rate limit headers are included in all responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset. Exceeding the rate limit returns HTTP 429 with a Retry-After header.

Bulk Operations: For importing large amounts of data, use the bulk endpoints (/incidents/bulk, /cmdb/cis/bulk) which accept up to 100 records per request and are not subject to the per-request rate limit. Bulk endpoints process asynchronously and return a job ID for status polling.

← Previous

AWS Infrastructure

Lambda, Aurora, Neptune, Redis, S3

Security & Encryption

KMS, field encryption, secrets