Skip to main content
This page gets you from zero to a successful authenticated call against the 4D nonprod environment.

1. Get your API key

Your organization’s admin obtains an API key during partner onboarding (or from the 4D team directly). Keys are prefixed org_ and are scoped to your organization - every call you make operates inside your own tenant, enforced at the database layer.
The org_ key is a server-side secret. Never ship it in client code - for browser event tracking there is a separate publishable key type, covered in Trigger an event.

2. Set up your environment

All examples in these docs target the nonprod environment:

3. Make your first call

Create (or attach) a member of your organization:
A 201 Created comes back with the full user record:
Run the same command again - same Idempotency-Key, same body - and you get the same user back with a 200 instead of a duplicate. Retries are safe by design.

Conventions to know

  • Wire format - JSON, snake_case field names.
  • Errors - every error shares one envelope:
    code is the stable contract; message wording may change.
  • Idempotency - mutating endpoints that declare it accept an Idempotency-Key header. Replaying the same key with the same body returns the original response; the same key with a different body is rejected with 409 IDEMPOTENCY_CONFLICT.

Next steps

Authentication

The three credential types and when each applies.

Walkthrough: create a user

The full lifecycle: create, fetch, update, lock, remove.