Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.origami.chat/llms.txt

Use this file to discover all available pages before exploring further.

The Origami API uses API keys for authentication. Each key is scoped to your organization and has access to all tables and workspaces within it.

Creating an API key

  1. Go to Settings → API Keys in the Origami app
  2. Click Create API Key
  3. Give it a descriptive name (e.g. “n8n integration”, “CRM sync”)
  4. Copy the key immediately — it’s shown only once
API keys follow the format: 
og_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789abcd
The og_live_ prefix makes keys identifiable in leaked credential scans (GitHub secret scanning, GitGuardian, etc.).

Using your API key

Pass the key in the Authorization header as a Bearer token: 
curl https://origami.chat/api/v1/tables \
  -H "Authorization: Bearer og_live_YOUR_KEY"
Every request must include this header. Requests without a valid key return 401 Unauthorized.

Key management

  • Multiple keys: Create as many keys as you need — one per integration is recommended.
  • Revocation: Revoke a key anytime from the API Keys settings page. Revoked keys return 401 immediately.
  • Rotation: To rotate a key, create a new one, update your integration, then revoke the old one.
  • Identification: The UI shows the last 4 characters of each key for identification.

Security best practices

Never commit API keys to source control. Use environment variables or a secrets manager.
  • Store keys in environment variables (ORIGAMI_API_KEY) or a secrets manager
  • Use separate keys for development and production
  • Revoke keys immediately if they may have been exposed
  • Review the API Keys settings page periodically and remove unused keys

Rate limits

All endpoints are rate-limited per organization. Every API key in your organization shares the same quota.
ScopeLimit
Per organization, all endpoints100 requests / minute
Per organization, POST /tables/{tableId}/rows10 requests / minute
Rate limits use a sliding window. If you hit the limit, wait for the window to reset rather than retrying immediately.
When rate-limited, the API returns 429 Too Many Requests. Every response includes headers so you can track your usage proactively:
HeaderDescription
X-RateLimit-LimitMaximum requests allowed in the window
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets