API Authentication

Authenticate with personal access tokens, OAuth apps, and scoped permissions.

Auth methods

  • Personal access tokens (PAT) — fastest for server-to-server integrations.
  • OAuth apps — best when acting on behalf of a user.
  • Webhook signing — authenticate inbound events from Stavent.

Warning
Treat tokens like passwords. Rotate them regularly and store them in your secret manager.

Scopes

Scopes limit what a token can do. Create narrow tokens for each integration and avoid “god tokens”.

Scope             Allows
tickets:read      Read ticket metadata and transcripts.
tickets:write     Create, update, and close tickets.
audit:read        Read audit log events.
webhooks:manage   Create and rotate webhook endpoints.

Rate limits

The API reports your current rate limit state in response headers:

Rate limit headers
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1735516800

Errors

Errors are returned with an error object and a stable code you can key on.

Error payload
{
  "error": {
    "code": "invalid_request",
    "message": "Missing required field: priority",
    "requestId": "req_01H..."
  }
}
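The following client-side helper is an added example, not part of the Stavent SDK or this page: it reads the X-RateLimit-* headers above to decide how long to wait before retrying, and turns the error payload into an exception keyed on the stable `code` rather than the human-readable `message`. The `Response` type, `StaventApiError`, the sample replies and the 429 status for a rate-limited call are assumptions made for the example.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Assumed helper types: Response models an HTTP reply (status, headers, body);
# StaventApiError and the functions below are example code, not the Stavent SDK.

@dataclass
class Response:
    status: int
    headers: dict
    body: str

class StaventApiError(Exception):
    """Raised for 4xx/5xx replies; key handling on `code`, never on `message`."""
    def __init__(self, code: str, message: str, request_id: str):
        super().__init__(f"{code}: {message} (requestId={request_id})")
        self.code, self.message, self.request_id = code, message, request_id

def parse_error(resp: Response) -> Optional[StaventApiError]:
    """Return the error object from a failed reply, or None for a 2xx reply."""
    if resp.status < 400:
        return None
    try:
        err = json.loads(resp.body).get("error", {})
    except (ValueError, AttributeError):
        err = {}  # Non-JSON body (proxy page, truncated reply): fall back to a stable code.
    return StaventApiError(err.get("code", "unknown"), err.get("message", ""),
                           err.get("requestId", ""))

def wait_before_retry(resp: Response, now: int) -> int:
    """Seconds to sleep before the next call, derived from the X-RateLimit-* headers."""
    remaining = int(resp.headers.get("X-RateLimit-Remaining", "1"))
    reset_at = int(resp.headers.get("X-RateLimit-Reset", str(now)))  # Unix epoch seconds
    if remaining > 0:
        return 0
    return max(0, reset_at - now)

# Constructed sample replies mirroring the documented headers and payload (429 is assumed).
RATE_LIMITED = Response(429, {"X-RateLimit-Limit": "60", "X-RateLimit-Remaining": "0",
                              "X-RateLimit-Reset": "1735516800"}, "")
BAD_REQUEST = Response(400, {"X-RateLimit-Limit": "60", "X-RateLimit-Remaining": "42",
                             "X-RateLimit-Reset": "1735516800"},
                       json.dumps({"error": {"code": "invalid_request",
                                             "message": "Missing required field: priority",
                                             "requestId": "req_CONSTRUCTED"}}))

if __name__ == "__main__":
    print(wait_before_retry(RATE_LIMITED, now=1735516790))  # 10
    print(parse_error(BAD_REQUEST).code)                      # invalid_request
```

Retry only on codes you have classified as transient; an `invalid_request` will fail identically on every attempt, so resubmitting it just burns quota.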