App APIs

Create an API that allows your applications to process incoming HTTP requests

Sometimes you need to interact with your Application or its data outside of Airkit. Application APIs are a way to build custom API endpoints and interact with Airkit from external systems, leveraging the available data operations to create Journeys, modify existing Journeys, validate data, or even read data from AirData.

What is an App API?

An App API is a powerful method for integrating Airkit with other applications and services. It is how you can create a custom REST endpoints that are defined by you, through the use of combining and adding data operations together. With App APIs, you are able to create either a GET request or a POST request and can also configure your endpoint path, path parameters, and query parameters.

For a guide on how to build an App API, see Building an App API.

Securing App APIs

If the App API requires Authentication and should not be publicly available, you need a JWT. You can either bring your using by the same procedured discussed in SDK Authentication, you can generate an API key from the Console, under API > Tokens:


API Keys

Make sure to safely store the generated token at that moment since it will not be retrievable after the window is closed. If the API key is lost, you can delete the API key and create a new one.

Once the token has been created in the Console, go to Settings and add the API Key in API Key Filtering.

This will make it appear under Authentication in Triggers > App APIs .

Making a request to a Secure API

If you want to make an HTTP request to an App API that requires Authentication, this requires the request to include the token in the request header.

In the headers of the request, add:

Authorization: Bearer <Your API token>

API Tokens and Environments

Upon creation, the token needs to be assigned an environment in multi-environment organizations. This would then make the API Token only accessible to developers who have access to the corresponding environment. For example, if a developer created an API token in the development environment, then that API Token can only be used for an API created in the development environment.

For more information see Environments.


When using an App API to redirect to a URL it is recommended to use the 302 response status code instead of 301. 301s are cached by the browser which may result in unintended behavior.

Accessible Data from App API

The following is a sample payload of data that is accessible when you trigger an App API. This data can be passed to a journey and used across your application.

  "fqdn": "",
  "pathMapping": {
    "test": "foo"
  "queryParams": {
    "queryParam": "bar"
  "header": {
    "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
    "accept-encoding": "gzip, deflate",
    "accept": "*/*",
    "x-forwarded-for": ""
  "host": "",
  "httpVersion": "1.1",
  "cookies": {
    "name": "value"



Payload Limits

Data passed as a request payload for App APIs have a maximum size of 5mb.

What’s Next

Interested in integrating other systems with Airkit and triggering off a journey with an HTTP request? Check out the tutorial below.