Authentication

How to authenticate with the Tabular Pro API using API keys or JWT tokens.

Authentication

Tabular Pro supports two authentication methods: API Keys (recommended for integrations) and JWT Tokens (for browser-based apps).

API Key Authentication

API keys are the recommended way to authenticate programmatic access.

Creating an API Key

  1. Go to Settings > API Keys in Tabular Pro
  2. Click Create API Key and enter a descriptive name
  3. Copy the key immediately — it's only shown once

Using Your API Key

Option 1: X-API-Key header (recommended)

curl -H "X-API-Key: tp_your_key_here" \
  https://tabularpro.com/api/surveys

Option 2: Bearer token

curl -H "Authorization: Bearer tp_your_key_here" \
  https://tabularpro.com/api/surveys

Both methods are equivalent. Use whichever fits your HTTP client best.

Key Security

  • Keys start with tp_ followed by 48 random characters
  • Keys are stored as SHA-256 hashes — we never store the raw key
  • Revoke compromised keys immediately from Settings > API Keys
  • Use separate keys for different applications
  • Never commit keys to version control

JWT Token Authentication

Used by the Tabular Pro web application and suitable for building custom browser-based clients.

Login

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]", "password": "your_password", "action": "login"}' \
  https://tabularpro.com/api/auth

The response sets an auth_token HttpOnly cookie and returns user info:

{
  "success": 1,
  "data": {
    "user_id": 1,
    "user_name": "John Doe",
    "user_email": "[email protected]",
    "organization_name": "Acme Research"
  }
}

Using the Token

The JWT token is automatically sent via the auth_token cookie. For non-browser clients, extract and send it as a Bearer token:

curl -H "Authorization: Bearer eyJhbGciOiJIUz..." \
  https://tabularpro.com/api/surveys

Token Expiration

  • Default: 7 days
  • "Remember me": 30 days
  • Expired tokens return 401 Unauthorized

Permissions

API access inherits the permissions of the user who created the key:

User Type Access Level
Admin Full access to all endpoints including user management
Member Access to surveys, responses, dashboards, reports within their workspaces
Client Dashboard viewing only

Workspace Scope

Most data endpoints require a workspace context. Pass workspace_id as a query parameter:

curl -H "X-API-Key: tp_your_key_here" \
  "https://tabularpro.com/api/surveys?workspace_id=1"

Rate Limits

  • General: 1,000 requests per 15-minute window
  • Auth endpoints: 20 requests per 15-minute window
  • Rate limit headers: RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset
  • Exceeded limits return 429 Too Many Requests