# API Usage and Tokens

Curiosity Workspace provides comprehensive APIs for programmatic access to the graph, search engine, and administrative functions.

All API requests must be authenticated using a Bearer token.

1. Navigate to the Admin section of the Workspace UI.
2. Go to API Tokens and click Create Token.
3. Select the required scopes (e.g., read, write, admin).
4. Copy and securely store the token; it will not be displayed again.

Tokens are limited by the scopes assigned during creation: You can define the scope based on the path of your custom endpoints, for example:

• search/*: Access to your custom search endpoints.
• ingest/*: Specifically for data ingestion tasks.
• analytics/*: Custom analytics and dashboard endpoints.

• REST API: Standard endpoints for CRUD operations and search.
• GraphQL: Flexible query language for complex graph traversals and data retrieval.

Custom endpoints are exposed as GET and POST endpoints in standard paths on your workspace.

GET requests are only available for endpoints that do not access the body of the HTTP request.

To ensure platform stability, you can implement rate limiting on your endpoints.

• For example, limits that are applied per token or per IP address.
• If a limit is exceeded, the API returns a 429 Too Many Requests status.

curl -X GET "https://your-workspace.curiosity.ai/api/v1/search?q=query" \
     -H "Authorization: Bearer YOUR_TOKEN"

• Explore the API reference: API Overview
• Build custom logic: Custom Endpoints