REST API overview
Everything the DataSquares UI does goes through the REST API, and a curated
developer subset of it is documented here — the endpoint groups you need to
integrate, automate, and embed. All endpoints live under /api/ on your
DataSquares host and speak JSON.
Authentication
Section titled “Authentication”Requests carry a bearer token:
curl https://<your-datasquares-host>/api/dashboards \ -H "Authorization: Bearer <token>"Two ways to get one:
- API keys — for integrations. An admin creates one under Admin → API Keys with a scope (read, read/write, or admin). The key is shown once at creation.
- Session tokens — sign in via the Auth endpoints with user credentials; you’ll receive the same JWT the web app uses.
Permissions follow the caller: an API key is bounded by its scope, a user token by the user’s role.
Conventions
Section titled “Conventions”- List endpoints paginate with
limitandoffsetquery parameters. - Errors return conventional status codes (
400validation,401unauthenticated,403forbidden,404not found,409conflict) with a JSON body describing the problem. - Query endpoints are read-only — only
SELECT/WITHSQL is accepted, matching the product’s SQL editor rules.
Endpoint groups
Section titled “Endpoint groups”| Group | Covers |
|---|---|
| Auth | sign-in, tokens, MFA, SSO |
| API Keys | programmatic credentials |
| Data Sources | connections: create, test, sync |
| Query | run read-only SQL |
| Saved Queries | the SQL library |
| Dashboards | dashboards and cards |
| Sharing | share links |
| Embedding | embed tokens and domains |
| Reports | reports and schedules |
| Themes | workspace themes |
This reference is generated from the API’s OpenAPI specification, so it stays in lock-step with the deployed surface. Endpoint groups beyond this subset (admin, internal) exist but aren’t documented publicly — if you need one for an integration, ask.