Safe writes, dry-run & specs

Write endpoints are built for real integrations: retry them safely, preview them without committing, and generate a client from a spec that is always in sync with the routes.

Idempotent writes

Network hiccups happen. Send an Idempotency-Key header on a create/update/delete and the API guarantees the operation runs at most once for that key:

POST /v1/clients
Authorization: Bearer redz_live_...
Idempotency-Key: 6f9a2c-create-acme
Content-Type: application/json

{ "name": "Acme Builders" }
  • A retry with the same key and body replays the original result, marked Idempotent-Replayed: true — and does not consume quota twice.
  • Reusing a key with a different body returns 409 idempotency_key_reuse.
  • Firing the same key twice at once returns 409 idempotency_in_progress on the duplicate.

Dry-run

Validate a write — and preview a delete — without changing anything. Add the header X-Dry-Run: 1 or the query ?dry_run=1:

DELETE /v1/equipment/88?dry_run=1

→ { "data": { "id": 88, "deleted": false, "dry_run": true,
         "mode": "soft", "would_delete": [...], "would_keep": [...] } }

Dry-run runs the full validation and dependency check, so it is the safe way to see whether a write would succeed — and what a delete would touch — before you commit.

OpenAPI, reference & Postman

The spec and docs are generated live from the route registry on every request, so they can never fall out of step with what the API actually serves.

OpenAPI 3.1

GET /v1/openapi.json — feed it to any code generator.

Reference UI

GET /v1/docs — an interactive Scalar reference with try-it.

Postman

GET /v1/postman.json — a v2.1 collection; set baseUrl and token and go.

These three surfaces are public and unmetered — you can explore the reference before you even issue a token.

Docs

Frequently asked questions

A completed result is replayable for 24 hours; a request still in flight is protected until it finishes. Bind the key to a single logical operation and its body.

A dry-run still authenticates and validates like any request, so it is metered, but it never writes, deletes or triggers side effects.

No. /v1/openapi.json, /v1/docs and /v1/postman.json are public and unmetered. You need a token only to call the data endpoints.