The Tadabase REST API provides programmatic access to your application data and functionality. Unlike pipes (which pull external data into Tadabase) and webhooks (which push data based on events), the REST API allows external applications to directly query, create, update, and delete your Tadabase data on demand. This article covers API fundamentals, authentication, request structure, and response handling—providing the foundation you need to integrate Tadabase with any platform or programming language.

REST (Representational State Transfer) is an architectural style for building web services. It uses standard HTTP methods to perform operations on resources (your data).

Key Concepts

1. Resources

• Resources are your data entities (tables, records)
• Each resource has a unique URL
• Example: https://api.tadabase.io/api/v1/tables/abc123/records

2. HTTP Methods

• GET: Retrieve data (read)
• POST: Create new data
• PUT/PATCH: Update existing data
• DELETE: Remove data

3. Stateless

• Each request is independent
• All information needed is in the request
• No session state on server

4. JSON Format

• Data exchanged in JSON format
• Human-readable and machine-parseable
• Standard for modern APIs

Why Use the API?

Use cases:

• Custom applications: Build mobile apps, custom dashboards, specialized tools
• Data integration: Connect Tadabase with systems that don't support webhooks
• Bulk operations: Import/export large datasets programmatically
• Automation: Script repetitive tasks and data operations
• Reporting: Extract data for custom analytics and reports
• Microservices: Use Tadabase as backend for distributed systems

Example scenarios:

• Mobile app that displays and updates Tadabase data
• Nightly script that imports data from legacy system
• Custom analytics dashboard pulling from multiple Tadabase apps
• Integration with system that can only make API calls (no webhook support)
• Command-line tool for bulk data operations

Tadabase uses API keys to authenticate and authorize API requests:

Obtaining API Keys

1. Navigate to API settings:
   • Go to Builder → Settings → API
2. Generate API key:
   • Click Generate API Key
   • Give it a descriptive name (e.g., "Mobile App", "Data Import Script")
   • Select permissions (read, write, delete)
3. Copy and secure the key:
   • API key shown only once
   • Store securely (password manager, environment variables)
   • Never commit to version control
   • Never expose in client-side code

API Key Permissions

Granular access control:

• Read: GET requests (retrieve data)
• Write: POST and PUT/PATCH requests (create/update data)
• Delete: DELETE requests (remove data)
• Admin: Full access including app settings

Best practices:

• Create separate keys for different purposes
• Grant minimum necessary permissions
• Read-only key for reporting/analytics
• Full access only for admin operations

Example key setup:

• "Mobile App": Read + Write (no delete)
• "Analytics Dashboard": Read only
• "Data Import Script": Write only
• "Admin Tools": Full access

Using API Keys

Include in Authorization header:

Authorization: Bearer YOUR_API_KEY

Example with cURL:

curl -X GET https://api.tadabase.io/api/v1/tables/abc123/records \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Example with JavaScript:

fetch('https://api.tadabase.io/api/v1/tables/abc123/records', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
})
.then(response => response.json())
.then(data => console.log(data));

Example with Python:

import requests

headers = {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.tadabase.io/api/v1/tables/abc123/records',
    headers=headers
)

data = response.json()
print(data)

API Key Management

Security practices:

• Rotate regularly: Change keys periodically (quarterly recommended)
• Delete unused keys: Remove keys no longer needed
• Monitor usage: Track which keys are being used
• Immediate revocation: Delete compromised keys immediately
• Audit trail: Log key creation and deletion

Storage best practices:

• Environment variables: Store keys as environment variables
• Secrets management: Use AWS Secrets Manager, Azure Key Vault, etc.
• Never hardcode: Don't put keys directly in code
• Don't commit: Add to .gitignore if in config files

Understanding URL structure is essential for API usage:

Base URL

https://api.tadabase.io/api/v1

Components:

• Protocol: https:// (always HTTPS, never HTTP)
• Domain: api.tadabase.io
• Version: /api/v1 (current version)

Resource Endpoints

Table records:

GET    /tables/{table_id}/records        # List all records
GET    /tables/{table_id}/records/{id}  # Get specific record
POST   /tables/{table_id}/records        # Create new record
PUT    /tables/{table_id}/records/{id}  # Update record (full)
PATCH  /tables/{table_id}/records/{id}  # Update record (partial)
DELETE /tables/{table_id}/records/{id}  # Delete record

Finding table IDs:

1. Go to Builder → Data Tables
2. Click on table name
3. Look in URL or table settings for table ID
4. Example: abc123def456

Complete URL Examples

Get all records from Customers table:

https://api.tadabase.io/api/v1/tables/abc123/records

Get specific customer record:

https://api.tadabase.io/api/v1/tables/abc123/records/rec_xyz789

Create new customer:

POST to: https://api.tadabase.io/api/v1/tables/abc123/records

Every API request follows a consistent structure:

Request Components

1. HTTP Method

• Determines the operation (GET, POST, PUT, PATCH, DELETE)
• Specified in request

2. URL

• Complete endpoint URL
• Includes table ID and optionally record ID
• May include query parameters

3. Headers

• Required headers:

  Authorization: Bearer YOUR_API_KEY
  Content-Type: application/json
  

• Optional headers:

  Accept: application/json
  

4. Body (for POST/PUT/PATCH)

• JSON data being sent
• Contains field values
• Only for operations that modify data

Example Requests

GET request (retrieve records):

GET https://api.tadabase.io/api/v1/tables/abc123/records
Headers:
  Authorization: Bearer YOUR_API_KEY
  Content-Type: application/json

POST request (create record):

POST https://api.tadabase.io/api/v1/tables/abc123/records
Headers:
  Authorization: Bearer YOUR_API_KEY
  Content-Type: application/json
Body:
{
  "field_1": "John Smith",
  "field_2": "john@email.com",
  "field_3": "555-1234"
}

PUT request (update record):

PUT https://api.tadabase.io/api/v1/tables/abc123/records/rec_xyz789
Headers:
  Authorization: Bearer YOUR_API_KEY
  Content-Type: application/json
Body:
{
  "field_1": "John Smith",
  "field_2": "john.smith@newemail.com",
  "field_3": "555-5678"
}

DELETE request (delete record):

DELETE https://api.tadabase.io/api/v1/tables/abc123/records/rec_xyz789
Headers:
  Authorization: Bearer YOUR_API_KEY

Request with cURL

GET request:

curl -X GET "https://api.tadabase.io/api/v1/tables/abc123/records" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

POST request:

curl -X POST "https://api.tadabase.io/api/v1/tables/abc123/records" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "field_1": "John Smith",
    "field_2": "john@email.com",
    "field_3": "555-1234"
  }'

PUT request:

curl -X PUT "https://api.tadabase.io/api/v1/tables/abc123/records/rec_xyz789" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "field_2": "john.smith@newemail.com"
  }'

DELETE request:

curl -X DELETE "https://api.tadabase.io/api/v1/tables/abc123/records/rec_xyz789" \
  -H "Authorization: Bearer YOUR_API_KEY"

Understanding API responses helps you process data correctly:

HTTP Status Codes

Success codes (2xx):

• 200 OK: Request succeeded
• 201 Created: Record created successfully
• 204 No Content: Success with no response body (delete operations)

Client error codes (4xx):

• 400 Bad Request: Invalid request format or data
• 401 Unauthorized: Missing or invalid API key
• 403 Forbidden: Insufficient permissions
• 404 Not Found: Table or record doesn't exist
• 422 Unprocessable Entity: Validation failed
• 429 Too Many Requests: Rate limit exceeded

Server error codes (5xx):

• 500 Internal Server Error: Server-side error
• 503 Service Unavailable: Temporary service issue

Response Format

Successful GET request (list records):

{
  "data": [
    {
      "id": "rec_abc123",
      "field_1": "John Smith",
      "field_2": "john@email.com",
      "field_3": "555-1234",
      "date_created": "2026-01-28T10:30:00Z",
      "date_modified": "2026-01-28T10:30:00Z"
    },
    {
      "id": "rec_def456",
      "field_1": "Jane Doe",
      "field_2": "jane@email.com",
      "field_3": "555-5678",
      "date_created": "2026-01-28T11:00:00Z",
      "date_modified": "2026-01-28T11:00:00Z"
    }
  ],
  "total": 2,
  "page": 1,
  "per_page": 50
}

Successful GET request (single record):

{
  "data": {
    "id": "rec_abc123",
    "field_1": "John Smith",
    "field_2": "john@email.com",
    "field_3": "555-1234",
    "date_created": "2026-01-28T10:30:00Z",
    "date_modified": "2026-01-28T10:30:00Z"
  }
}

Successful POST request (created record):

{
  "data": {
    "id": "rec_ghi789",
    "field_1": "Bob Johnson",
    "field_2": "bob@email.com",
    "field_3": "555-9999",
    "date_created": "2026-01-28T12:00:00Z",
    "date_modified": "2026-01-28T12:00:00Z"
  },
  "message": "Record created successfully"
}

Error response:

{
  "error": {
    "code": 400,
    "message": "Bad Request",
    "details": "field_2 must be a valid email address"
  }
}

Parsing Responses

JavaScript example:

fetch('https://api.tadabase.io/api/v1/tables/abc123/records', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
})
.then(response => {
  if (!response.ok) {
    throw new Error(`HTTP error! status: ${response.status}`);
  }
  return response.json();
})
.then(data => {
  console.log('Total records:', data.total);
  data.data.forEach(record => {
    console.log('Name:', record.field_1);
    console.log('Email:', record.field_2);
  });
})
.catch(error => {
  console.error('Error:', error);
});

Python example:

import requests

headers = {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.tadabase.io/api/v1/tables/abc123/records',
    headers=headers
)

if response.status_code == 200:
    data = response.json()
    print(f"Total records: {data['total']}")
    for record in data['data']:
        print(f"Name: {record['field_1']}")
        print(f"Email: {record['field_2']}")
else:
    print(f"Error: {response.status_code}")
    print(response.json())

Tadabase uses field slugs to identify fields in API requests:

Finding Field Slugs

1. Navigate to table:
   • Go to Builder → Data Tables
   • Click on table name
2. View field settings:
   • Click on field name
   • Look for "Field Slug" or "API Field Name"
   • Example: field_1, customer_name, email_address
3. Or make a GET request:
   • Retrieve a record
   • Inspect response to see field names
   • Response shows actual field slugs used

Using Field Slugs

In request body:

{
  "field_1": "Value for field 1",
  "customer_name": "John Smith",
  "email_address": "john@email.com"
}

In response data:

{
  "data": {
    "id": "rec_abc123",
    "field_1": "Value",
    "customer_name": "John Smith",
    "email_address": "john@email.com"
  }
}

Field Type Considerations

Different field types have different formats: Text fields:

"field_1": "Text value"

Number fields:

"field_2": 123.45

Date fields:

"field_3": "2026-01-28"

Date/time fields:

"field_4": "2026-01-28T10:30:00Z"

Checkbox (boolean):

"field_5": true

Dropdown (single select):

"field_6": "Option 1"

Multi-select:

"field_7": ["Option 1", "Option 2", "Option 3"]

Connection field (related record):

"field_8": "rec_xyz789"  // Record ID of related record

Tadabase implements rate limits to ensure system stability:

Current Limits

• Requests per minute: 60 requests per minute per API key
• Concurrent requests: 10 simultaneous requests
• Daily limit: 10,000 requests per day (may vary by plan)

Rate Limit Headers

Response includes rate limit information:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 55
X-RateLimit-Reset: 1737978660

• Limit: Total requests allowed per window
• Remaining: Requests remaining in current window
• Reset: Unix timestamp when limit resets

Handling Rate Limits

When limit exceeded (429 response):

{
  "error": {
    "code": 429,
    "message": "Too Many Requests",
    "details": "Rate limit exceeded. Please wait before making more requests.",
    "retry_after": 30
  }
}

Best practices:

• Monitor headers: Track remaining requests
• Implement backoff: Wait when approaching limit
• Batch operations: Combine multiple operations when possible
• Cache data: Store frequently accessed data locally
• Respect retry_after: Wait specified time before retrying

Example with rate limit handling:

async function makeRequest(url, options) {
  const response = await fetch(url, options);

  // Check rate limit headers
  const remaining = response.headers.get('X-RateLimit-Remaining');

  if (remaining 

Robust error handling ensures reliable API integrations:

Error Types

1. Authentication errors (401, 403)

• Cause: Invalid or missing API key
• Solution: Verify API key is correct and has necessary permissions

2. Validation errors (422)

• Cause: Data doesn't meet field validation requirements
• Solution: Check field constraints and fix data

3. Not found errors (404)

• Cause: Table or record doesn't exist
• Solution: Verify IDs are correct

4. Rate limit errors (429)

• Cause: Too many requests
• Solution: Implement backoff and retry logic

5. Server errors (500, 503)

• Cause: Temporary server issues
• Solution: Implement retry with exponential backoff

Error Handling Pattern

JavaScript example:

async function apiRequest(url, options) {
  try {
    const response = await fetch(url, options);

    // Handle HTTP errors
    if (!response.ok) {
      const error = await response.json();

      switch (response.status) {
        case 401:
          throw new Error('Authentication failed. Check API key.');
        case 403:
          throw new Error('Insufficient permissions.');
        case 404:
          throw new Error('Resource not found.');
        case 422:
          throw new Error(`Validation failed: ${error.details}`);
        case 429:
          throw new Error('Rate limit exceeded. Please retry later.');
        case 500:
        case 503:
          throw new Error('Server error. Please retry.');
        default:
          throw new Error(`API error: ${response.status}`);
      }
    }

    return await response.json();

  } catch (error) {
    console.error('API request failed:', error);
    throw error;
  }
}

Python example:

import requests
import time

def api_request(url, method='GET', data=None, max_retries=3):
    headers = {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    }

    for attempt in range(max_retries):
        try:
            response = requests.request(
                method,
                url,
                headers=headers,
                json=data
            )

            if response.status_code == 401:
                raise Exception('Authentication failed')
            elif response.status_code == 429:
                retry_after = int(response.headers.get('Retry-After', 60))
                time.sleep(retry_after)
                continue
            elif response.status_code >= 500:
                if attempt 

Several tools help test and develop API integrations:

1. Tadabase API Tester

• Built into Tadabase Builder
• Go to Builder → Settings → API → API Tester
• Test endpoints without coding
• See request/response in real-time

2. Postman

• Popular API development tool
• Create and save requests
• Organize into collections
• Share with team
• Automate testing

Setting up Postman for Tadabase:

1. Create new request
2. Set URL to Tadabase endpoint
3. Add Authorization header with Bearer token
4. Set Content-Type to application/json
5. Add request body for POST/PUT
6. Send and review response

3. cURL

• Command-line tool
• Quick testing from terminal
• Easy to script
• Available on all platforms

4. Insomnia

• Alternative to Postman
• Clean interface
• Good for GraphQL too
• Free and open-source option

Follow these guidelines for successful API integrations:

Security

• Secure API keys: Never expose in client-side code
• Environment variables: Store keys in environment variables
• HTTPS only: Always use HTTPS, never HTTP
• Minimum permissions: Grant only necessary access
• Rotate keys: Change keys periodically

Reliability

• Error handling: Implement comprehensive error handling
• Retry logic: Retry failed requests with backoff
• Rate limit respect: Monitor and respect rate limits
• Timeout handling: Set appropriate timeouts
• Logging: Log all API interactions

Performance

• Batch operations: Use batch endpoints when available
• Pagination: Use pagination for large datasets
• Caching: Cache frequently accessed data
• Filters: Use API filters to reduce data transfer
• Parallel requests: Make independent requests in parallel

Development

• Test environment: Use separate app for testing
• Documentation: Document your API usage
• Version control: Track API integration code
• Monitoring: Monitor API usage and errors

You now understand the fundamentals of the Tadabase REST API. The next article covers practical API operations—specifically how to retrieve, create, update, and delete records using the API.

Remember these core concepts:

• Purpose: Programmatic access to Tadabase data and functionality
• Authentication: Use API keys in Authorization header
• HTTP methods: GET (read), POST (create), PUT/PATCH (update), DELETE (remove)
• Response format: JSON with data and metadata
• Status codes: 2xx success, 4xx client error, 5xx server error
• Rate limits: Respect limits and implement backoff
• Error handling: Always handle errors gracefully
• Security: Protect API keys, use HTTPS, minimum permissions