Skip to main content

Welcome

The v2 API is SELECT’s unified, RESTful API. All v2 endpoints are accessed under the base URL https://api.select.dev/v2.
v2 is a new API surface with a different authentication model than v1. If you are migrating from v1, see What changed from v1 below.

Authentication

Every request needs two headers:
HeaderDescription
AuthorizationBearer <API_KEY> — create a key in the SELECT dashboard under Settings → API Keys. The key must have the scopes required by the endpoint.
x-tenant-idYour SELECT organization ID (org_...). Found in the SELECT app under your profile settings.
curl https://api.select.dev/v2/audit-logs \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "x-tenant-id: org_YOUR_ORG_ID"

What changed from v1

  • Organization is a header, not a path parameter. v1 routes embedded organization_id in the path (/api/{organization_id}/...). v2 identifies your organization with the x-tenant-id header, so paths are clean resource names (/v2/audit-logs).
  • Cursor pagination. List endpoints return a page_token; there is no offset/page paging.
  • RFC 9457 problem responses. Errors use application/problem+json with a stable code field.

Pagination

List endpoints return at most max_results records (default 50, max 500) plus a page_token:
{
  "items": [ ... ],
  "page_token": "eyJmIjoi...",
  "row_count": null
}
To read the next page, pass the page_token back. Keep going until page_token is null — that means you have reached the end.
curl "https://api.select.dev/v2/audit-logs?max_results=500&page_token=eyJmIjoi..." \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "x-tenant-id: org_YOUR_ORG_ID"
page_token is the only reliable way to page. Do not build your own cursor from response fields such as timestamps — records can share identical values, and a hand-rolled cursor can silently skip or stall.

Responses

Standard HTTP status codes indicate success or failure. Errors return application/problem+json:
{
  "type": "about:blank",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Invalid API key.",
  "code": "unauthorized",
  "retryable": false
}
Use the code field for programmatic handling; it is stable across releases.