Welcome to the Orbit App API documentation! Here you can explore and test all available endpoints for the App API.

Authentication

Orbit App API uses secure authentication to protect your data and services. Most endpoints require either an API key, a JWT token, or OAuth2 access token.

JWT Authentication via /jwt: Trusted partner apps can authenticate users by POSTing a signed request to /jwt with organization, account, and user details. Orbit will validate the request, auto-create users/orgs/accounts as needed, and return a signed JWT token for session authentication.

• Required fields: platform, org_id, account_id, user_id, email, name, roles
• Requests must include a valid x-api-key header (assigned per partner app)
• JWTs are generated and signed by Orbit, expiring after 1 hour
• Only users at the organization level and below may authenticate via JWT
• All login attempts are logged and rate-limited