ConsistlyAPI

Consistly API

Manage icons, enforce brand rules, and distribute assets programmatically.

The Consistly public API is split into three product surfaces that share one substrate: the same authentication, versioning, error envelope, idempotency, and rate-limiting behaviour applies everywhere.

Platform API

Identity, API keys, OAuth applications, webhook endpoints, events, and file uploads.

Brand API

Brand rules, palettes, fonts, compliance checks, and guideline extractions.

CMS API

Icons, icon sets, PPT sets, slide assets, deployments, and connected sources.

Base URLs

SurfaceBase URL
Platformhttps://staging.consistly.io/api/public/v1
Brandhttps://staging.consistly.io/api/public/brand/v1
CMShttps://staging.consistly.io/api/public/cms/v1

Quick start

Authenticate with a bearer API key from the Consistly dashboard, then ping a surface to confirm connectivity:

curl https://staging.consistly.io/api/public/v1/ping \
  -H "Authorization: Bearer sk_test_..."

See Authentication for key types, scopes, and OAuth.

Versioning

Every surface is date-versioned. The current version is 2026-05-20. Each response carries the version that served it in the Consistly-Version header, and you can pin a request to a version by sending the same header with an ISO date. Malformed values fall back to the default version.

Request IDs

Every response includes a Consistly-Request-Id header (req_...). Include it when reporting issues — it links directly to our logs.

Errors

Errors use one consistent envelope:

{
  "error": {
    "type": "authentication_error",
    "code": "missing_credentials",
    "message": "Authentication is required for this endpoint.",
    "request_id": "req_8f3a...",
    "docs_url": "https://docs.consistly.com/errors/missing_credentials"
  }
}
TypeMeaning
invalid_request_errorThe request was malformed or failed validation.
authentication_errorMissing or invalid credentials.
permission_errorThe key is valid but lacks the required scope.
rate_limit_errorToo many requests — back off and retry.
idempotency_errorAn Idempotency-Key was reused with a different body.
compliance_errorThe operation violates a configured brand rule.
api_errorSomething failed on our side.

Idempotency

Mutating endpoints accept an Idempotency-Key header (up to 255 characters). Replaying a request with the same key and body returns the original response; reusing a key with a different body for the same route is rejected with an idempotency_error.

Rate limits

Requests are rate-limited per API key with a token bucket (100 requests/second with a burst of 200 by default). Responses include RateLimit-Limit and RateLimit-Remaining headers; exceeding the limit returns a rate_limit_error with HTTP 429.

Authentication

Bearer API keys, product-prefixed scopes, and OAuth client credentials.

On this page

Base URLsQuick startVersioningRequest IDsErrorsIdempotencyRate limits