REST API

Overview

The Clickbase REST API is the HTTP twin of the MCP connectors. It lets you manage your team's sites, goals, funnels and API tokens, and read topline analytics — programmatically, over plain JSON.

Every surface (the web app, this REST API, and the MCP connectors) calls the exact same server-side Actions and serializes through the same Eloquent API Resources. They can never drift: a number you read here is the same number the dashboard shows.

Base URL

All endpoints live on the root domain, under the /api prefix:

https://clickbase.so/api

Authentication

The data endpoints are protected by Passport OAuth bearer tokens and scoped to the token's team. Send your token on every request:

Authorization: Bearer {token}

See Authentication for how tokens are created, how a token is pinned to its team, and the failure modes (no active team, foreign site).

The tracking ingestion endpoints and the Payments API authenticate differently (per-site keys, not OAuth) — see Tracking & events.

Headers

Header Value
Authorization Bearer {token} on the authenticated data endpoints.
Accept application/json
Content-Type application/json for requests with a body.

Response shape

Responses are unwrapped. Clickbase calls JsonResource::withoutWrapping() globally, so:

  • A single resource serializes flat — its fields are the top-level object, with no data envelope.
  • A non-paginated collection serializes as a flat JSON array.
  • Only a paginated endpoint keeps the data / meta / links envelope. The goals list is the one paginated data endpoint in the API.

Rate limiting

The authenticated data group (everything under Authorization: Bearer) is limited to 60 requests per minute. Exceeding it returns 429 Too Many Requests.

The tracking ingestion and Stripe webhook endpoints have their own, separate limits — see Tracking & events.

Errors

Errors use standard HTTP status codes:

Status Meaning
401 Unauthorized Missing or invalid bearer token.
403 Forbidden The token is bound to a team you no longer belong to.
404 Not Found The site / goal / funnel is unknown or not in your team.
422 Unprocessable Entity Validation failed, or your account has no active team.
429 Too Many Requests Rate limit exceeded.

Validation errors (422) carry a message and a errors map keyed by field name.