API Reference¶
The Carbon Connect API provides programmatic access to the Carbon Funding Navigator platform. All endpoints are served over HTTPS and return JSON responses.
Base URL¶
For local development:
Authentication¶
The API uses JWT Bearer tokens for authentication. Include the token in the Authorization header:
Tokens are obtained through the Authentication endpoints. Access tokens expire after 30 minutes; refresh tokens expire after 7 days. See the Auth documentation for the full token lifecycle.
Public Endpoints
Some endpoints (grants listing, reference data, health check, partner referral clicks) do not require authentication and are marked accordingly in each section.
Rate Limiting¶
Rate limits are enforced per tenant to ensure fair usage across all organizations:
| Tier | Requests per Minute | Burst Limit |
|---|---|---|
| Free | 60 | 10 |
| Starter | 300 | 30 |
| Professional | 1,000 | 100 |
| Enterprise | 5,000 | 500 |
When a rate limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header indicating the number of seconds to wait.
Error Format¶
All errors follow a consistent JSON structure:
For validation errors (422), the response includes field-level detail:
{
"detail": [
{
"loc": ["body", "email"],
"msg": "value is not a valid email address",
"type": "value_error.email"
}
]
}
Standard HTTP Status Codes¶
| Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request succeeded |
| 201 | Created | Resource successfully created |
| 204 | No Content | Request succeeded with no response body |
| 400 | Bad Request | Invalid request body or parameters |
| 401 | Unauthorized | Missing or invalid authentication token |
| 403 | Forbidden | Authenticated but insufficient permissions |
| 404 | Not Found | Resource does not exist or is not accessible |
| 422 | Unprocessable Entity | Request body failed validation |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Unexpected server error |
Pagination¶
All list endpoints support cursor-based pagination with consistent parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number (1-indexed) |
page_size | integer | 20 | Items per page (max: 100) |
Paginated responses include metadata:
Multi-Tenancy¶
All authenticated requests are automatically scoped to the current user's tenant. Cross-tenant access is prevented at the middleware level. Resources created by one tenant are invisible to another.
Content Types¶
- Request body:
application/json - Response body:
application/json - Streaming endpoints:
text/event-stream(SSE) - OAuth2 login:
application/x-www-form-urlencoded
Endpoint Groups¶
| Group | Prefix | Auth Required | Description |
|---|---|---|---|
| Authentication | /auth | Mixed | Registration, login, token management |
| Companies | /companies | Yes | SME profile management with carbon profiles |
| Grants | /grants | Mixed | Grant discovery, search, and filtering |
| Matches | /matches | Yes | AI-powered company-grant matching |
| Applications | /applications | Yes | Grant application lifecycle management |
| Dashboard | /dashboard | Yes | Aggregated statistics and activity feeds |
| Partners | /partners | Mixed | Partner program, referrals, and commissions |
| Reference Data | /reference | No | NACE codes and country lookups |
| Notifications | /notifications | Yes | Notification preferences and history |
OpenAPI Specification¶
The full interactive API documentation is available at:
- Swagger UI:
{base_url}/docs - ReDoc:
{base_url}/redoc - OpenAPI JSON:
{base_url}/openapi.json