All API requests use the base URL
https://app.refold.ai. We’ve updated our domain to app.refold.ai from app.refold.ai — existing app.refold.ai requests will continue to work until it is decommissioned at a later date.Authentication
Refold supports two authentication methods. Which one applies depends on whether the endpoint is org-level or linked-account-level:- Org-level endpoints (e.g. managing linked accounts, webhooks, variable definitions) use your API key only.
- Linked-account-level endpoints (e.g. configs, workflows, executions, MCP servers) operate in the context of one linked account — authenticate with your API key +
linked_account_id, or with a session token.
API Key Authentication
API Key Authentication
Use API-key authentication for server-side operations where your key stays secure.Finding your API Key:
Navigate to Settings → Credentials in your Refold dashboard. You can copy the API key for either the Test or Production environment.
Your Refold API key.
The linked account to act on. Required for linked-account-level endpoints; omit it for org-level endpoints.

Session Token Authentication
Session Token Authentication
Use session-token authentication for frontend / hosted implementations where you cannot expose your API key. A session token is scoped to a single linked account, so it replaces both the Where it applies: linked-account-level endpoints — configs, config fields, workflows, executions, MCP servers, events, datastores, hosted Connect, and more. Because a session token represents one customer, it is not accepted for org-admin operations such as managing linked accounts, webhooks, or variable definitions.Generate a session token with the Generate Session Token endpoint.
x-api-key and linked_account_id headers.Bearer token using your session token.Format:
Bearer YOUR_SESSION_TOKENRate Limits
The Refold API enforces rate limits to ensure fair usage across all users.| Limit Type | Value |
|---|---|
| Standard Rate | 20 requests per second |
| Burst Rate | 5 requests in an instant within a second |
429 Too Many Requests response. Implement exponential backoff in your retry logic to handle rate limiting gracefully.
API Resources
Linked Accounts
Create and manage end-users who connect their third-party accounts through your integration.
Applications
Discover the integrations enabled in your account and a linked account’s connection status.
Auth Structure & OAuth
Inspect an app’s auth fields and build OAuth authorization URLs.
Credentials
Save key-based credentials and migrate existing auth onto an integration.
Session Tokens
Issue scoped tokens for secure frontend authentication.
Hosted Connect
Generate hosted Connect URLs for end-user authentication flows.
Webhooks
Subscribe to real-time notifications when events occur in Refold.
Configs & Config Fields
Install and configure apps per linked account, and set field values.
Events
Define custom events and fire them to start workflows.
Workflows
Manage public (org/slug-level) and private (linked-account) workflows, then publish and execute them.
Executions
Retrieve details, status, and node output of workflow executions.
Schedule
Run workflows on cron or interval triggers.
Datarefs
Manage named reference-data tables for a linked account.
Persistent Tables
Create API-managed tables, columns, and records.
Environment Variables
Manage variable definitions and scoped values.
MCP Servers
Expose integrations and chains as tools for AI agents.
Human Tasks
Retrieve and submit public human-in-the-loop forms.
Error Handling
The API returns standard HTTP status codes and a consistent error response shape:Most services return the internal code in an
error field; a few endpoints return it as error_code instead. Both carry the same meaning.| Status Code | Description |
|---|---|
200 | Request succeeded |
400 | Bad request. Check your request parameters. |
401 | Authentication failed. Verify your API key or session token. |
404 | Resource not found |
429 | Rate limit exceeded. Implement backoff and retry. |
500 | Internal server error. Contact support if persistent. |
What’s Next
Create a Linked Account
Set up your first end-user to start building integrations.
Trigger a Workflow
Learn how to execute workflows programmatically.
Explore SDKs
Use our Node.js, React, or JavaScript SDKs for faster development.