Base URL
The API is served at your deployment’s base URL. All resource endpoints are prefixed with/v1:
/health and /v1/meta) are available without a version prefix and a /v1 prefix respectively, as described in the Utility endpoints section below.
Authentication
Every endpoint exceptGET /health requires a valid OIDC bearer token issued by a configured identity provider. Include the token in the Authorization header of every request:
401 Unauthorized response. See the Authentication guide for instructions on obtaining and refreshing tokens.
In local and development environments, authentication may be disabled for
convenience. In
staging and prod deployments, authentication is always
enforced and cannot be disabled.Content Type
All request bodies must be encoded as JSON, and all responses — including errors — are returned as JSON. Set theContent-Type header on any request that includes a body:
Content-Type: application/json on every endpoint.
Versioning
The current API version isv1. The version prefix is part of every resource path (e.g., /v1/tenants/:tenant_id/snapshots).
Snapshot payloads carry an additional versioning field, envelope_version, which is always set to "entity_state_envelope_v1". This field is stable and lets you write forward-compatible snapshot parsers without coupling to the HTTP version.
When Tally introduces breaking changes, a new path prefix (/v2, etc.) will be introduced alongside the existing one, giving you time to migrate before the old version is retired.
Endpoints Overview
Subjects & Snapshots
Create and retrieve entity state snapshots for subjects across your tenants.
Snapshot Reads
Query the current or historical snapshot for any entity by subject and type.
Diffs
Compute attribute-level diffs between two snapshots or across a time range.
State Updates
Apply JSON Patch operations to update attributes on an existing entity state.
Tenants & Access
Manage tenants, list members, and configure tenant-level settings.
Grants
Issue, list, and revoke cross-tenant data-sharing grants.
Refresh Requests
Trigger and track on-demand data refresh requests for a subject.
Webhooks
Register webhook endpoints to receive real-time event notifications.
Utility Endpoints
Tally exposes two utility endpoints that are useful for health checks, deployment tooling, and debugging. Neither endpoint returns sensitive data.GET /health
A simple liveness probe with no authentication required. Use this endpoint in load balancer health checks and uptime monitors.
Response
GET /v1/meta
Returns metadata about the running service instance, including the deployed version and build information. This endpoint requires a valid bearer token.
Response
| Field | Type | Description |
|---|---|---|
service | string | Always "tally-api" |
ts | ISO 8601 datetime | Current server timestamp at request time |
version | string | Package version of the running API |
node | string | Node.js runtime version |
env | string | Active NODE_ENV value |
gitSha | string | Git commit SHA of the deployed build |
builtAt | ISO 8601 datetime | Timestamp when the build artifact was created |
Pagination
List endpoints in the Tally API use cursor-based pagination. Every paginated response includes apage object:
| Field | Type | Description |
|---|---|---|
limit | integer | The maximum number of items returned in this page |
next_cursor | string | null | An opaque cursor pointing to the next page. null when you have reached the last page. |
next_cursor value as the cursor query parameter:
If
next_cursor is null or absent, you have retrieved all available
results. There is no need to make an additional request.Rate Limiting
Rate limits may apply to your API requests depending on your Tally plan and deployment configuration. When a rate limit is exceeded, the API returns a429 Too Many Requests response. Contact your account team to review or adjust your plan’s limits.