Skip to main content

Base URLs

EnvironmentBase URL
Productionhttps://seggwat.com/api/v1
Staginghttps://seggwat.oxidt.com/api/v1

Authentication

SeggWat uses Organization Access Tokens (OAT) to authenticate API requests. These tokens grant access to all projects within your organization.

Creating an API Token

  1. Log in to the SeggWat Dashboard
  2. Navigate to Settings from the sidebar
  3. Click on API Tokens tab
  4. Click Create New Token
  5. (Optional) Add a label to identify the token (e.g., “Production Server”, “CI/CD Pipeline”)
  6. Copy the generated token immediately - it will only be shown once
API tokens are shown only once when created. Store them securely in your environment variables or secrets manager. If you lose a token, you’ll need to create a new one.

Using the API Token

Include your token in the X-API-Key header for all authenticated requests: 
X-API-Key: oat_xxxxxxxxxxxxxxxxxxxxx

curl -X GET "https://seggwat.com/api/v1/projects/{project_id}/feedback" \
  -H "X-API-Key: oat_xxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

Token Format

Organization Access Tokens follow the format:
  • Prefix: oat_ (Organization Access Token)
  • Key: 43 URL-safe random characters
Example: oat_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v

Managing Tokens

From the API Tokens settings page, you can:
ActionDescription
CreateGenerate a new token with an optional label
ViewSee token prefix, label, creation date, and last used timestamp
RevokeDisable a token (soft-delete, keeps history)
DeletePermanently remove a token

Security Best Practices

Never hardcode tokens in your source code. Use environment variables or a secrets manager:
export SEGGWAT_API_KEY=oat_xxxxxxxxxxxxxxxxxxxxx
Create new tokens periodically and revoke old ones to minimize exposure risk.
Label tokens by their purpose (e.g., “Production”, “Staging”, “CI/CD”) to easily identify and manage them.
Check the “Last Used” timestamp in the dashboard to identify unused or potentially compromised tokens.

Error Responses

Status CodeDescription
401 UnauthorizedMissing, invalid, or revoked API token
403 ForbiddenToken valid but lacks permission for the requested resource

Content Types

The SeggWat API always accepts JSON in request bodies and returns JSON in response bodies. Always include the Content-Type: application/json header in requests.