Skip to main content

Base host

Base URL: 
https://api.trailflow.ai
Trailflow uses one production host for both test and live traffic. The API contract and route surface stay the same across both modes. Trailflow does not provide a separate public sandbox hostname. Partners should plan validation around test keys and partner-owned non-production webhook endpoints.

Access approval

Each customer organization moves through one of these Partner API access states:
  • not enabled — partner access is not approved yet
  • test access enabled — approved partner users may use test keys only
  • live access enabled — approved partner users may use both test and live keys
  • disabled — previously issued keys are blocked until access is restored
Trailflow enables access at the organization level first. After that:
  • approved partner admins may self-serve additional test keys from the authenticated partner portal
  • Trailflow may provide the first test key during onboarding when that is easier for the integration team
  • live keys stay Trailflow-managed and are issued only after production approval

Test mode

Use test keys for setup, UAT, and partner-side validation. What test mode means in practice:
  • same host and same request or response schemas as live mode
  • access is limited to organizations with partner test or live access enabled
  • requests still operate on Trailflow-managed org data for that approved customer; test mode is credential-scoped validation, not a separate sandbox data plane
  • partners should point webhooks to non-production endpoints they control
  • rate limits are configured per key and can differ by client, not by mode

Live mode

Use live keys only for approved production traffic. Live mode requires:
  • live access enabled for the customer organization
  • Trailflow approval for production cutover
  • Trailflow-issued live credentials

What partners should expect

Approved partners should expect:
  • an additive-first API contract published through OpenAPI-backed reference docs
  • request and error envelopes with requestId for troubleshooting
  • explicit per-key rate limits
  • documented webhook retries and replay support after remediation
  • support-guided promotion from test to live access