Overview

SlashApi is a web platform to build REST APIs fast without having to write any backend code yourself, you will gain instantly access to a fully operational API.

How SlashApi works

  1. Connect a data source - This can be a database like PostgreSQL or MySQL, a business app, file storage (dropbox, FTP or SFTP) or a tools (HTML to PDF, Website Screenshot, etc)
  2. Create an API - No need to build queries or logic with SQL or write any backend code with SlashApi. We provide the easiest way to setup an API.
  3. Consume your API - Your API will be ready in a few clicks.

Creating your API

SlashApi allows you to integrate with all common apps and tools through RESTful API in a few clicks. The process of creating a RESTful API consist of 2 simple steps:

  1. Choose your data source that you want to integrate with SlashApi
  2. Connect your data source by fill out the creation form
To connect with SlashAPI, your data source must be publicly accessible and configured to accept connections from SlashAPI's IP Addresses.

Securing your credentials

Some of services require a set of credentials e.g PostgreSQL, MySQL, FTP, SFTP, etc to allow us connect with them. You'll need to provide this credentials so SlashApi can connect to and interact with underlying data source. These credentials are stored in the system and encrypted using AES-256 encryption. These credentials are decrypted on-the-fly when SlashApi trying to connect to the destination data source.

Making Requests to the API

Once you've setup your API endpoint, you can start making request to your API. SlashAPI turns any data into something called Restful JSON API. It means you can access your 3rd-party services data in a standard way using simple URLs and HTTP requests.

Requests

Host

The host for Web API v1 requests is always https://v1.slashapi.com/

Http Verbs

The HTTP verbs comprise a major portion of our “uniform interface” constraint and provide us the action counterpart to the noun-based resource. The primary or most-commonly-used HTTP verbs (or methods, as they are properly called) are POST, GET, PUT, PATCH, and DELETE.

Verb Description
GET Retrieve a resource or group of resources
POST Create a new resource
PUT Update an existing resource
PATCH Update an existing resource
DELETE Delete an existing resource

URL Structure

SlashApi URLs are made up by three components: team, service and identifier

https://v1.slashapi.com/<team>/<service>/<identifier>

Authentication

Authentication is the way the backend handles user's request and limit which areas of your API they may be used to access.

By default SlashApi has no authentication enabled on your API as this is usually suitable for most use cases (as long as the data isn't sensitive). However, you can setup API authentication on your dashboard.

API Token

SlashApi supports the use of API Token. Api Token add an additional layer of security for your API and can be assigned specific permissions to limit which areas of your API they may be used to access. Api Token can be generated in your API endpoint.

To authenticate your requests using API Token, you only need to provide set a plain text header named "X-API-KEY" with the content of the header being "XXX" where XXX is your API Token.

curl -X "GET" "https://v1.slashapi.com/your-team/service/identifier" \
    -H "X-API-KEY: Your.API.Key-HERE" \
    -H "Content-Type: application/json"

Bearer Authentication

When creating an application, there is always a problem of implementing login and registration. With SlashApi, you get them out of the box.

Bearer authentication is an HTTP authentication scheme that involves security tokens called bearer tokens. The bearer token is a cryptic string, and generated by the server in response to a login request. You must send this token in the Authorization header when making requests to protected resources:

Authorization: Bearer <token>
Getting the Token

To get the token, you must setup Authentication API first. SlashAPI use Authentication API to register and login your user.

Using this Token

Once, you get the token from the login request response. You must send this token in the Authorization header when making requests.

curl -X "GET" "https://v1.slashapi.com/your-team/service/identifier" \
    -H "Authorization: Bearer Your.Token-HERE" \
    -H "Content-Type: application/json"

Data Validation

Before submitting data to the API endpoint, it is important to ensure all required form controls are filled out in the correct format. You can validate the input on the client-side, However, client-side validation should not be considered an exhaustive security measure. Client-side validation is too easy to bypass, so malicious users can still easily send bad data to your API endpoint. Your API should always perform security checks on any submitted data on the server-side.

Looking to the case above, SlashApi provides a way to validate input coming to your API. This custom validation will be useful when you build an API with dynamic fields like Database API (PostgreSQL, MySQL, MongoDB), Google Sheets, Airtable, etc.

Learn more about Data Validation.

Rate Limit

An API rate limit is the number of API calls you can make in a given time period. When this limit is reached, any API call made by your front-end will fail until the time period passes.

When these rate limits are exceeded, a 429 'Too many requests' error is returned from the endpoint.

Rate Limits per Month

The following table lists the monthly rate limits for SlashApi plans.

Plan Rate Limit /month
Free 1,000
Personal 100,000
Startup 400,000
Growth 1,000,000

Rate Limits per Minute

We also limit request for each API per minute. The following table lists the rate limits per minute for SlashApi plans.

Plan Rate Limit /minute
Free 60
Personal 250
Startup 500
Growth 1,000

HTTP headers and response codes

Each request contains rate limit information in the HTTP response headers. You can use this HTTP headers in order to understand where the application is at for a given rate limit.

HTTP Header Description
X-RateLimit-Limit Total request that can be used in a minute.
X-RateLimit-Remaining Total request remaining for the API in a minute
X-RateLimit-Reset Timestamp (unix epoch) for when the limit will be reset.
X-RateLimit-MonthlyLimit Total request that can be used in a month.
X-RateLimit-MonthlyRemaining Total request remaining for the API in a month
X-RateLimit-MonthlyReset Timestamp (unix epoch) for when the limit will be reset.

Explore Our Collections

Explore our guides and examples to integrate with SlashApi.