Skip to main content
The Acrity public API lets you query workspace context, repositories, pull requests, reviews, webhooks, credentials, bootstrap, and security scans according to the API key scopes.

Base

Public routes use the /api/v1 prefix. OpenAPI documentation is available in the Acrity environment at:
  • /docs, for interactive viewing;
  • /openapi/v1-public.json, for tool consumption;
  • localized variants when enabled, such as /openapi/v1-public.pt-BR.json.

Authentication

Use the X-Acrity-Key header:
curl \
  -H "X-Acrity-Key: acr_live_..." \
  "https://acrity.io/api/v1/context"
API keys are created under API Keys. Creating an API key requires a Workspace admin (platform admins also have access).

Scopes

FamilyReadWrite
ReviewsReviews.ReadReviews.Write
RepositoriesRepositories.ReadRepositories.Write
CredentialsCredentials.ReadCredentials.Write
WebhooksWebhooks.ReadWebhooks.Write
WorkspacesWorkspaces.ReadWorkspaces.Write
Security scansSecurityScans.ReadSecurityScans.Write
Prefer one API key per consuming system. This makes rotation, audit, and scope limitation easier.

Main resources

ResourceCommon use
Contextvalidate API key, workspace, and visible scopes
Repositorieslist, view status, and manage authorized connections
Pull requestsfind changes reviewed by Acrity
Reviewslist history, view findings, and request review when allowed
Webhookscreate, list, view, update, and enable or disable outbound webhooks (no hard delete)
Workspacesview workspace information and health
Credentialsview metadata and manage authorized credentials
Bootstrapcheck eligibility and track architecture guidance generation
Security scanslist, view, and start dependency scans

Pagination and filters

Listings can use pagination and filters. See your environment’s OpenAPI specification for exact parameters for each resource. The default page size is 20 and the maximum is 50. A request with a page size above 50 returns 400. Best practices:
  • use small pages in recurring integrations;
  • keep the cursor or processed page in the automation;
  • treat empty responses as a valid state;
  • apply backoff on 429.

Errors

StatusMeaning
400invalid request
401API key missing, invalid, expired, or inactive
403API key is valid, but lacks required scope
404resource not found or not visible to the workspace
409conflict with current resource state
429usage limit reached
5xxtemporary error or unavailability

Rate limits

Each API key is limited to about 300 requests per minute by default. When you exceed the limit, the API returns 429 along with these response headers:
HeaderMeaning
Retry-Afterseconds to wait before retrying
X-RateLimit-Limitrequests allowed per window
X-RateLimit-Remainingrequests remaining in the current window
X-RateLimit-Resettime when the current window resets
Honor Retry-After and apply backoff before retrying.

Example call

curl \
  -H "X-Acrity-Key: acr_live_..." \
  "https://acrity.io/api/v1/repositories?page=1&pageSize=25"
Start with /api/v1/context when diagnosing an integration. This call confirms whether the key is active and which scopes are available.