Management API Overview
The Texture Management API gives you full programmatic control over your organization's configuration. Everything you can do in the Texture Dashboard — creating workspaces, managing team members, rotating API keys, configuring webhook destinations — you can automate through this API.
What you can automate
| Capability | What it unlocks |
|---|---|
| Workspace provisioning | Spin up isolated environments for new customers, regions, or deployments in seconds |
| Team management | Invite members, assign roles, and offboard teammates without touching the Dashboard |
| API key lifecycle | Create, rotate, and revoke keys as part of your CI/CD pipeline or security automation |
| Event destinations | Configure webhooks and email notifications for device events programmatically |
| Collections | Build dynamic groups of devices, sites, or customers using criteria-based rules |
| OAuth applications | Register and manage OAuth apps for the Texture Connect flow |
| Audit trail | Query every management action for compliance, debugging, or security reviews |
Whether you're building a Terraform provider, a CI/CD pipeline, or a multi-tenant platform on top of Texture, the Management API is your foundation.
OpenAPI Spec available — Generate client libraries in any language using the spec at https://api.texturehq.com/v1/docs/swagger.json. It's OpenAPI 3.1 compatible and works with tools like openapi-generator, orval, and swagger-codegen.
Getting started
1. Create a Management API key
- Sign in to app.texturehq.com.
- Navigate to Developer → API Keys.
- Click Create API Key and select type MANAGEMENT.
- Give it a descriptive name (e.g., "CI/CD Management Key").
You can view and manage your keys at any time from the Developer section of the Dashboard.
Never commit API keys to version control. Use environment variables or a secrets manager (AWS Secrets Manager, HashiCorp Vault, 1Password, etc.).
2. Make your first request
curl -s https://api.texturehq.com/v1/workspaces \
-H "Texture-Api-Key: management_abc123..."import requests
resp = requests.get(
"https://api.texturehq.com/v1/workspaces",
headers={"Texture-Api-Key": "management_abc123..."}
)
print(resp.json())const resp = await fetch("https://api.texturehq.com/v1/workspaces", {
headers: { "Texture-Api-Key": "management_abc123..." },
});
const data = await resp.json();
console.log(data);Authentication
Management API keys use the same Texture-Api-Key header as other Texture API keys. See API Keys for details on creating and managing keys.
Management keys are scoped to your organization and can access all workspaces within it. They inherit the permissions of the user who created them — actions performed via the API are equivalent to the owner performing them in the Dashboard. For example, a non-admin user cannot use their management key to escalate their own role.
If you use a non-management key type (SERVER, API, etc.), management endpoints return:
{
"message": "This endpoint requires a Management API key. Create one in your Dashboard under Developer → API Keys."
}Rate limits
Rate limits are enforced per API key using a sliding-window algorithm.
| Tier | Limit | Methods |
|---|---|---|
| Read | 300 requests / minute | GET, HEAD |
| Write | 60 requests / minute | POST, PATCH, PUT |
| Destructive | 10 requests / minute | DELETE, POST /.../clear, POST /.../revoke |
Response headers
Every response includes rate-limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the current window |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Retry-After | Seconds until you can retry (only on 429 responses) |
Implement exponential backoff with jitter in your client. Respect the Retry-After header value for the most efficient retry timing.
Pagination
List endpoints use offset-based pagination:
| Parameter | Type | Default | Range | Description |
|---|---|---|---|---|
page | integer | 1 | 1–1000 | Page number |
perPage | integer | 20 | 1–100 | Items per page |
Response metadata:
{
"data": [...],
"meta": {
"total": 42,
"page": 1,
"perPage": 20
}
}Error handling
Error responses include a message field, and may include a details object for validation errors:
{
"message": "Invalid parameters provided.",
"details": {
"error": "The 'name' field is required."
}
}The API uses standard HTTP status codes. A few worth noting:
| Status | Meaning |
|---|---|
204 | Accepted (no content) |
409 | Conflict — resource already exists or constraint violation |
429 | Rate limited — see Rate Limits |
502 | Upstream service temporarily unavailable — retry with backoff |
API versioning
The Management API is currently at v1 (/v1/). We follow these principles:
- No breaking changes within a version. New fields may be added to responses, but existing fields won't be removed or change type.
- Deprecation notices will be communicated at least 90 days before any endpoint is retired.
- Additive changes (new endpoints, new optional parameters, new response fields) are shipped without a version bump.
Glossary
| Term | Definition |
|---|---|
| Organization | Your top-level account. All workspaces, members, and API keys belong to an organization. |
| Workspace | An isolated environment within your organization. Each workspace has its own devices, sites, customers, and configurations. |
| Collection | A dynamic or static group of devices, sites, or customers defined by criteria-based rules. |
| Destination | A configured endpoint (webhook URL or email address) that receives event notifications. |
| Management API Key | An API key with organization-wide scope for managing configuration. Distinct from Server, API, and Scoped keys. |