The Doppler API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

Authentication

Doppler's API uses high entropy tokens to authenticate requests.

🚧

Tokens can carry many privileges, so be sure to keep them secure! Do not store your secret tokens in an .env file or share them in publicly accessible areas such as GitHub, client-side code, etc.

There are six types of tokens:

CLI Tokens

  • Provide read/write access to all resources on your account
  • Generated via the login command in the Doppler CLI

Personal Tokens

  • Provide read/write access to all resources on your account
  • Generated from the Tokens > Personal page on the Doppler Dashboard

Service Tokens

  • Provide read or read/write access to secrets within a specific config
  • Generated from the Project > Config > Access page on the Doppler Dashboard

Service Account Tokens

  • Provide access to a granular set of resources within your workplace
  • These tokens are attached to a Service Account
  • Read more about generating Service Account Tokens

SCIM Tokens:

  • Provide read/write access to users and groups within your workplace. This may be used by your Identity Provider (IdP)
  • Generated from the Tokens > SCIM page on the Doppler Dashboard (requires SCIM to be enabled)

Audit Tokens

  • Provide read-only access to users and groups within your workplace
  • Generated from the Tokens > Audit page on the Doppler Dashboard

All API requests must be made over HTTPS. Calls made over plain HTTP will redirect to HTTPS. API requests without authentication may also fail.

Authentication to the API is performed by providing a bearer token to the HTTP Authorization header.

curl --request GET \
    --url 'https://api.doppler.com/v3/configs/config/secrets/download?format=json' \
    --header "Authorization: Bearer <TOKEN>"

Rate Limits

Doppler's servers enforce rate limits to ensure our APIs are responsive as we grow. The first rate limit is tied to an individual IP address and set to 240 requests per minute. The second rate limit is tied to an individual API key and set to 240 requests per minute. Most of the time these rate limits overlap but can differ when you take into account failed authorization attempts. If your team needs a higher rate limit, please reach out.

Errors

Doppler uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, etc.). Codes in the 5xx range indicate an error with Doppler's servers (these are rare).