The Doppler API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
The API uses Doppler tokens to authenticate requests. You can generate and manage your tokens in the dashboard on the Tokens page.
Tokens carry many privileges, so be sure to keep them secure! Do not store your secret tokens in an
.envfile or share them in publicly accessible areas such as GitHub, client-side code, etc.
There are two types of tokens:
- Full read/write access to all resources on your account
- Generated from the Doppler Dashboard > Tokens > Personal
- Read-only access to a specific config
- Generated from the Doppler Dashboard > Project > Config > Access
Authentication to the API is performed via HTTP Basic Access Authentication. Provide your token as the basic auth username. You do not need to provide a password but you may provide any value if your HTTP client requires it.
All API requests must be made over HTTPS. Calls made over plain HTTP will redirect to HTTPS. API requests without authentication may also fail.
Doppler's servers enforce rate limits to ensure our APIs are responsive as we grow. The first rate limit is tied to an individual IP address and set to 120 requests per minute. The second rate limit is tied to an individual API key and set to 120 requests per minute. Most of the time these rate limits overlap but can differ when you take into account failed authorization attempts. If your team would like a higher rate limit, please reach out to our sales team.
Doppler uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, etc.). Codes in the 5xx range indicate an error with Doppler's servers (these are rare).