The Doppler API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. We support cross-origin resource sharing, allowing you to interact securely with our API from a client-side web application (though you should never expose your secret API key in any public website's client-side code). JSON is returned by all API responses, including errors.
Be sure to subscribe to Doppler's API announce mailing list to receive information on new additions and changes to Doppler's API.
Authenticate your account by including your secret key in API requests. You can find your API key in your account page. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such GitHub, client-side code, and so forth.
All API requests must be made over HTTPS. Calls made over plain HTTP will be redirected to HTTPS. API requests without authentication will also fail.
Doppler uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, parameter was an invalid type, etc.). Codes in the 5xx range indicate an error with Doppler's servers (these are rare).
Everything worked as expected.
The request was unacceptable, often due to missing a required parameter.
No valid API key provided.
The requested resource doesn't exist.
Too Many Requests
Too many requests hit the API too quickly. We recommend an exponential backoff of your requests and checking our rate limit header
Our API timed out because something went wrong.
Something went wrong on Doppler's end. (These are rare.)