
How to authenticate with the trackagoat v1 API using API key Bearer tokens.
All v1 API requests require an API key. Keys are scoped to the organization of the user who created them.
Generate a key in the app: Org settings → API keys → + New API key.
One-time reveal
The full key (tga_<64 hex chars>) is shown once at creation. Copy it immediately — trackagoat stores only a hash and cannot recover the plaintext.
See the API keys guide for step-by-step instructions.
Include the key as a Bearer token on every request:

```
Authorization: Bearer tga_<your-key>
```

Example:

```
curl -H "Authorization: Bearer tga_abc123" \
  https://www.trackagoat.com/api/v1/projects
```

```
tga_<64 lowercase hex characters>
```

Example: tga_a1b2c3d4e5f6... (64 hex chars after the prefix).

Keys are org-scoped — all data returned is limited to the organization the key belongs to. There is no per-key scope system (no read-only vs write-only — all keys have the same access level within the org).
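
Because the key format is fixed and every key has full access within its org, a leaked key is both easy to search for and worth searching for. The following is an added example, not trackagoat code: a Python scanner that finds and redacts strings matching `tga_` plus 64 lowercase hex characters in logs or config files. The sample input is constructed, and the SHA-256 fingerprint is an assumption of this example, used only to track a finding without storing the key.

```python
import hashlib
import re

# Format from the page: "tga_" followed by exactly 64 lowercase hex characters.
# The lookarounds stop a match inside a longer token (e.g. 65 hex characters).
KEY_RE = re.compile(r"(?<![0-9A-Za-z_])tga_[0-9a-f]{64}(?![0-9A-Za-z])")


def redact(key: str) -> str:
    """Keep the prefix and 4 characters so a finding can be recognised, not reused."""
    return key[:8] + "..."


def scan(text: str):
    """Return one finding per key: line number, redacted key, SHA-256 fingerprint."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            key = m.group(0)
            findings.append({
                "line": lineno,
                "redacted": redact(key),
                # Fingerprint chosen for this example; not trackagoat's stored hash.
                "sha256": hashlib.sha256(key.encode()).hexdigest(),
            })
    return findings


def scrub(text: str) -> str:
    """Replace every full key in text with its redacted form (for logs, tickets)."""
    return KEY_RE.sub(lambda m: redact(m.group(0)), text)


# Constructed sample input: none of these values is a real key.
FAKE_KEY = "tga_" + "a1b2c3d4" * 8
SAMPLE = "\n".join([
    'curl -H "Authorization: Bearer tga_abc123" https://www.trackagoat.com/api/v1/projects',
    f"TRACKAGOAT_API_KEY={FAKE_KEY}",                      # well-formed key: reported
    f"Authorization: Bearer tga_{FAKE_KEY[4:].upper()}",   # uppercase hex: not the format
    f"token={FAKE_KEY}0",                                  # 65 hex chars: not the format
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(scrub(SAMPLE))
```

Only the second sample line is reported; the placeholder `tga_abc123`, the uppercase variant and the 65-character token do not match the documented format.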
| Status | Cause |
|---|---|
| 401 | Missing, invalid, or revoked key |
| 403 | Key is valid but the org or user is banned |
| 429 | Per-key sliding-window rate limit exceeded |

```
{
  "data": null,
  "error": "Invalid or missing API key",
  "meta": null
}
```