Sustalium

API Documentation

Programmatic access to your Digital Product Certificates via RESTful API

Fast & Reliable

RESTful API with JSON responses. 99.9% uptime SLA. Rate limited to 100 requests/minute per tenant.

Secure by Default

API keys with role-based permissions. All requests over HTTPS. Multi-tenant isolation enforced at every endpoint.

Easy Authentication

Simple Bearer token authentication. Generate API keys from your dashboard with granular permissions.

Well Documented

Comprehensive docs with code examples in multiple languages. Interactive API explorer coming soon.

Getting Started

1. Generate an API Key

Log in to your Sustalium dashboard and navigate to Settings → API Keys. Create a new API key with the appropriate permissions.

2. Make Your First Request

All API requests must include your API key in the Authorization header:

curl https://api.sustalium.com/v1/products \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

3. Handle Responses

All successful responses return JSON with a data field:

{
  "data": {
    "id": "prod_abc123",
    "sku": "TEE-001",
    "name": "Organic Cotton T-Shirt",
    "category": "Textiles",
    "createdAt": "2025-12-01T10:00:00Z"
  }
}

Available Endpoints

Products

GET/v1/products

List all products

GET/v1/products/:id

Get a specific product

POST/v1/products

Create a new product

PATCH/v1/products/:id

Update a product

DELETE/v1/products/:id

Delete a product

Digital Product Certificates

GET/v1/certificates

List all certificates

GET/v1/certificates/:id

Get a specific certificate

POST/v1/certificates

Create a new certificate

POST/v1/certificates/:id/publish

Publish a draft certificate

Analytics

GET/v1/analytics/overview

Get overview metrics

GET/v1/analytics/scans

Get scan events over time

Rate Limiting

API requests are rate limited to 100 requests per minute per tenant. Rate limit headers are included in every response:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 2025-12-01T10:05:00Z

If you exceed the rate limit, you'll receive a 429 Too Many Requests response with a Retry-After header.

Error Handling

All errors return JSON with an error field and appropriate HTTP status code:

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Product not found",
    "details": {
      "productId": "prod_abc123"
    }
  }
}
400Bad Request - Invalid input
401Unauthorized - Invalid or missing API key
403Forbidden - Insufficient permissions
404Not Found - Resource doesn't exist
429Too Many Requests - Rate limit exceeded
500Internal Server Error - Something went wrong

Need Help?

Full API documentation with interactive examples is available to all Growth and Enterprise customers.

Access Full DocsContact Support