Skip to main content

API keys

All requests to the Tacit API require authentication via API key. Include your key in the Authorization header as a Bearer token. 
Authorization: Bearer YOUR_API_KEY

Create an API key

  1. Sign in to app.betacit.com
  2. Navigate to Settings > API keys (org-scoped) or Site Settings > API Keys (site-scoped)
  3. Click Create key
  4. Copy the full key immediately. It is only shown once
The full API key is displayed only at creation time. After you close the dialog, only the prefix is stored. The key cannot be retrieved again. Copy it before clicking Done.
Treat API keys like passwords. Never commit them to version control, embed them in client-side code, or share them in logs.

Key scoping

Scope levelDescription
Organization-scopedAccess all sites within the organization
Site-scopedAccess only the specific site the key was created for

Environment variables

Store your key in an environment variable: 
export TACIT_API_KEY="YOUR_API_KEY"

Using both API surfaces

The same API key works for both GraphQL and REST endpoints: 
curl -X POST https://app.betacit.com/graphql \
  -H "Authorization: Bearer $TACIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query": "{ building(siteId: \"your-site-id\") { id name } }"}'

Rate limits

The API enforces per-client rate limits to protect platform stability:
Client typeLimit
API key2400 requests/minute
Authenticated user1200 requests/minute
Anonymous120 requests/minute
Rate limits apply independently to GraphQL and REST endpoints. When exceeded, the API returns HTTP 429 with a Retry-After header indicating when you can retry.

Next steps

Quickstart

Use your API key to run your first query.

Brick Schema

Understand the data model behind the API.