Skip to main content
/Docs

Developer Platform Overview

StudioBase exposes two integration surfaces for getting studio events into external systems:

  1. Outbound webhooks — studio owners register HTTPS endpoints in Settings → Integrations → Webhooks and receive signed JSON deliveries for studio events. See Webhook Events and Verifying Webhook Signatures.
  2. OAuth 2.0 partner API — approved partner applications (such as the StudioBase Zapier app) connect on a studio owner's behalf via OAuth 2.0 and manage event subscriptions through the Webhook Subscription API.

Partner API access is invite-only. OAuth clients are registered by the StudioBase team — contact us to register an application.

Base URL

All API endpoints are served from the apex domain over HTTPS:

https://www.studiobase.org

All request and response bodies are JSON unless noted otherwise (the OAuth token endpoint accepts form-encoded requests).

Authentication

SurfaceMechanism
Webhook deliveries (to you)Signed with your endpoint secret — verify the signature
Partner API (/api/zapier/*)Authorization: Bearer <access_token> from the OAuth flow

Access tokens expire after 1 hour; refresh them with the refresh_token grant. A 401 with body {"error": "invalid_token"} means the token is missing, expired, or revoked — obtain a fresh token and retry.

Rate limits

EndpointLimit
POST /api/oauth/token30 requests/min per IP
POST /api/zapier/hooks, DELETE /api/zapier/hooks/{hookId}30 requests/min per connection
Other /api/zapier/* endpoints60 requests/min per connection

Rate-limited responses return 429 with X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and Retry-After (seconds) headers. Back off and retry after the indicated delay.

Reference

Last updated June 11, 2026
Next
OAuth 2.0

Navigation