> ## Documentation Index
> Fetch the complete documentation index at: https://cobalt-55-abhishek.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# API Reference

> Programmatically manage linked accounts, trigger workflows, configure integrations, and automate operations in Refold.

The Refold API provides RESTful endpoints to manage your integration platform programmatically. You can create and manage linked accounts, trigger workflow executions, configure integrations, handle webhooks, manage persistent data, and interact with MCP servers.

<Info>
  All API requests use the base URL `https://app.refold.ai`. We've updated our domain to `app.refold.ai` from `app.refold.ai` — existing `app.refold.ai` requests will continue to work until it is decommissioned at a later date.
</Info>

## Authentication

Refold supports two authentication methods. Which one applies depends on whether the endpoint is **org-level** or **linked-account-level**:

* **Org-level** endpoints (e.g. managing linked accounts, webhooks, variable definitions) use your **API key** only.
* **Linked-account-level** endpoints (e.g. configs, workflows, executions, MCP servers) operate in the context of one linked account — authenticate with your **API key + `linked_account_id`**, or with a **session token**.

<AccordionGroup>
  <Accordion title="API Key Authentication" icon="key">
    Use API-key authentication for server-side operations where your key stays secure.

    <ParamField header="x-api-key" type="string" required>
      Your Refold API key.
    </ParamField>

    <ParamField header="linked_account_id" type="string">
      The linked account to act on. Required for linked-account-level endpoints; omit it for org-level endpoints.
    </ParamField>

    ```bash theme={null}
        curl -X GET https://app.refold.ai/api/v2/public/application \
          -H "x-api-key: YOUR_API_KEY" \
          -H "linked_account_id: YOUR_LINKED_ACCOUNT_ID"
    ```

    **Finding your API Key:**
    Navigate to **Settings → Credentials** in your Refold dashboard. You can copy the API key for either the Test or Production environment.

    <Frame>
      <img src="https://mintcdn.com/cobalt-55-abhishek/0vieBvC3DvwxUCgP/images/getting_api.png?fit=max&auto=format&n=0vieBvC3DvwxUCgP&q=85&s=2a3ef3123fffa00ea6361496a0c427c3" alt="Getting your API Key from Refold dashboard" width="2922" height="1838" data-path="images/getting_api.png" />
    </Frame>
  </Accordion>

  <Accordion title="Session Token Authentication" icon="shield-check">
    Use session-token authentication for frontend / hosted implementations where you cannot expose your API key. A session token is **scoped to a single linked account**, so it replaces both the `x-api-key` and `linked_account_id` headers.

    <ParamField header="Authorization" type="string" required>
      Bearer token using your session token.

      **Format:** `Bearer YOUR_SESSION_TOKEN`
    </ParamField>

    ```bash theme={null}
        curl -X GET https://app.refold.ai/api/v2/public/workflow/enabled \
          -H "Authorization: Bearer YOUR_SESSION_TOKEN"
    ```

    **Where it applies:** linked-account-level endpoints — configs, config fields, workflows, executions, MCP servers, events, datastores, hosted Connect, and more. Because a session token represents one customer, it is **not** accepted for org-admin operations such as managing linked accounts, webhooks, or variable definitions.

    Generate a session token with the [Generate Session Token](/legacy/api-reference/session-tokens/generate-session-token) endpoint.
  </Accordion>
</AccordionGroup>

## Rate Limits

The Refold API enforces rate limits to ensure fair usage across all users.

| Limit Type    | Value                                    |
| ------------- | ---------------------------------------- |
| Standard Rate | 20 requests per second                   |
| Burst Rate    | 5 requests in an instant within a second |

When you exceed rate limits, the API returns a `429 Too Many Requests` response. Implement exponential backoff in your retry logic to handle rate limiting gracefully.

## API Resources

<CardGroup cols={2}>
  <Card title="Linked Accounts" icon="user" href="/legacy/api-reference/linked-accounts/list-linked-accounts">
    Create and manage end-users who connect their third-party accounts through your integration.
  </Card>

  <Card title="Applications" icon="grid-2" href="/legacy/api-reference/applications/list-applications">
    Discover the integrations enabled in your account and a linked account's connection status.
  </Card>

  <Card title="Auth Structure & OAuth" icon="lock" href="/legacy/api-reference/auth-structure/get-auth-structure">
    Inspect an app's auth fields and build OAuth authorization URLs.
  </Card>

  <Card title="Credentials" icon="key" href="/legacy/api-reference/credentials/save-key-credentials">
    Save key-based credentials and migrate existing auth onto an integration.
  </Card>

  <Card title="Session Tokens" icon="ticket" href="/legacy/api-reference/session-tokens/generate-session-token">
    Issue scoped tokens for secure frontend authentication.
  </Card>

  <Card title="Hosted Connect" icon="browser" href="/legacy/api-reference/connect/create-connect-url">
    Generate hosted Connect URLs for end-user authentication flows.
  </Card>

  <Card title="Webhooks" icon="webhook" href="/legacy/api-reference/webhooks/create-webhook">
    Subscribe to real-time notifications when events occur in Refold.
  </Card>

  <Card title="Configs & Config Fields" icon="sliders" href="/legacy/api-reference/configs/create-config">
    Install and configure apps per linked account, and set field values.
  </Card>

  <Card title="Events" icon="bolt" href="/legacy/api-reference/events/trigger-event">
    Define custom events and fire them to start workflows.
  </Card>

  <Card title="Workflows" icon="diagram-project" href="/legacy/api-reference/workflows/list-workflows">
    Manage public (org/slug-level) and private (linked-account) workflows, then publish and execute them.
  </Card>

  <Card title="Executions" icon="play" href="/legacy/api-reference/executions/list-executions">
    Retrieve details, status, and node output of workflow executions.
  </Card>

  <Card title="Schedule" icon="clock" href="/legacy/api-reference/schedule/register-schedule">
    Run workflows on cron or interval triggers.
  </Card>

  <Card title="Datarefs" icon="database" href="/legacy/api-reference/datarefs/list-datarefs">
    Manage named reference-data tables for a linked account.
  </Card>

  <Card title="Persistent Tables" icon="table" href="/legacy/api-reference/persistent-tables/list-tables">
    Create API-managed tables, columns, and records.
  </Card>

  <Card title="Environment Variables" icon="rectangle-code" href="/legacy/api-reference/environment-variables/list-definitions">
    Manage variable definitions and scoped values.
  </Card>

  <Card title="MCP Servers" icon="robot" href="/legacy/api-reference/mcp-servers/list-mcp-servers">
    Expose integrations and chains as tools for AI agents.
  </Card>

  <Card title="Human Tasks" icon="list-check" href="/legacy/api-reference/human-tasks/get-human-task">
    Retrieve and submit public human-in-the-loop forms.
  </Card>
</CardGroup>

## Error Handling

The API returns standard HTTP status codes and a consistent error response shape:

```json theme={null}
{
  "status_code": 401,
  "http_error_type": "UNAUTHORIZED",
  "error": "SERVER_ERROR",
  "message": "Invalid Credentials"
}
```

<Note>
  Most services return the internal code in an `error` field; a few endpoints return it as `error_code` instead. Both carry the same meaning.
</Note>

| Status Code | Description                                                  |
| ----------- | ------------------------------------------------------------ |
| `200`       | Request succeeded                                            |
| `400`       | Bad request. Check your request parameters.                  |
| `401`       | Authentication failed. Verify your API key or session token. |
| `404`       | Resource not found                                           |
| `429`       | Rate limit exceeded. Implement backoff and retry.            |
| `500`       | Internal server error. Contact support if persistent.        |

## What's Next

<CardGroup cols={3}>
  <Card title="Create a Linked Account" icon="user-plus" href="/legacy/api-reference/linked-accounts/create-linked-account">
    Set up your first end-user to start building integrations.
  </Card>

  <Card title="Trigger a Workflow" icon="bolt" href="/legacy/api-reference/events/trigger-event">
    Learn how to execute workflows programmatically.
  </Card>

  <Card title="Explore SDKs" icon="code" href="/legacy/api-reference/sdks">
    Use our Node.js, React, or JavaScript SDKs for faster development.
  </Card>
</CardGroup>
