You can use the Copilot API to interface with Copilot's apps, internal users, clients, companies, and more.

Copilot's API is organized around REST. Our API has predicated resource-oriented URLs, accepts JSON request bodies and returns JSON-encoded responses, and uses standard HTTP response codes and verbs.

API Endpoint

The API endpoint is available below::

API Keys

There are two places in the Copilot Dashboard where you can create an API key.

If you are building a Custom App

For Custom Apps, API keys are automatically created as part of the setup process. For details, read the Setting up your first app article.

If you are building any other type of API integration

You can generate your API key on the Settings > API page.


Copilot supports API key-based authentication. To authenticate your requests, you must pass your key as an X-API-KEY header..

curl \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-API-KEY: <Replace this with your API Key>" \
  --data '<Replace this with a json request body as needed>' \<Replace this with a resource>`

Rate Limits

The Copilot API is limited to 20 requests per second. If you exceed this rate, you will receive a 429 status code. Subsequent requests will succeed after one second.

In addition, there is a monthly limit that is determined by the plan you are on.

PlanMonthly Rate limit


The current version of the Copilot API is V1. In order to make successful API requests, include the API version like below::<resource>

Backwards-compatible changes

Copilot considers some changes to be non-breaking and will make those changes without updating the API version. Please follow defensive coding practices to ensure stability. We consider the following to be backwards-compatible changes:

  • Adding an attribute, resource, or optional parameter.
  • Adding a new possible value to an enum type attribute.
  • Adding new event types. Webhook listeners will also receive new events.