The trackagoat v1 API gives programmatic read and write access to your organization's data. All endpoints are under /api/v1/ and require API key authentication.
OpenAPI spec:GET /api/v1/openapi.json — importable into Postman, Insomnia, or any OpenAPI-compatible tool.
Base URL:https://www.trackagoat.com/api/v1
The apex domain trackagoat.com redirects to www.trackagoat.com. Always use www.trackagoat.com as your base URL to avoid redirect overhead.
Authentication
See Authentication for how to generate and use API keys.
Response envelope
Every endpoint returns JSON with this shape:
json
{ "data": <payload or null>, "error": <error string or null>, "meta": <pagination info or null>}
Successful responses have data set and error: null. Error responses have data: null and error set to a message string.
Analytics and stats endpoints accept ?from=YYYY-MM-DD&to=YYYY-MM-DD. Both default to the last 30 days if omitted.
bash
GET /api/v1/analytics?entity=creator&entity_id=<uuid>&metric=views&from=2026-01-01&to=2026-03-31
API key scopes
Keys carry explicit permission scopes set at creation time:
Scope
Grants access to
read
All GET endpoints
write
All POST, PATCH, and DELETE endpoints
admin
Platform-admin-only endpoints (key owner must also be a platform admin)
Write endpoints reject keys that only have read scope with 403 insufficient_scope.
Idempotency
POST endpoints that create resources accept an Idempotency-Key header. Replaying the same key within 24 hours returns the cached response — safe for agent retries.