Together API
Build with Together.
A REST API over the fundraising platform. Authenticate with a single bearer key, get a consistent error envelope on every response, and subscribe to webhooks for state changes. Start with the quickstart; reach for the reference when you need the full surface.
Start here
Two-minute tour
Quickstart
Create a key, hit /whoami, list a few donors. Zero to a successful call in under two minutes.
Interactive reference
API reference
Every endpoint, every parameter, with a Try It console. Authorize once, then hit any route from the browser.
Risk-free
Sandbox
Build against a paired sandbox organisation with Stripe test mode and seeded data. No risk to live data.
Essentials
One envelope
Errors
One error envelope across the whole API. Status codes, request IDs, retry policy.
Safe retries
Idempotency
Send Idempotency-Key on any POST or PATCH to make retries safe. Scope, TTL, replay rules.
100 per second
Rate limits
100 requests per second per organisation. Header semantics and how to handle 429s.
Push, not poll
Webhooks
Subscribe to events on a signed endpoint. State changes, delivery semantics, replay handling.
Onboard a partner
Introductions
Programmatically introduce a partner organisation as a recipient. State machine, confidentiality contract, abuse rails.
How it fits together
- Base URL:
https://alltogether.giving/api/v1. Every authenticated request carries one header:Authorization: Bearer <key>. The key identifies the organisation; there is no separate tenancy header. - Keys are created and rotated at /settings/api. They have
READorWRITEscope; WRITE implies READ. - Sandbox orgs are paired 1:1 with live orgs at
{slug}-sandbox. Same role, different data, Stripe test mode. - Errors always come back as
{ error: { type, code, message, request_id, doc_url } }. Branch oncode. - Retries are safe when paired with
Idempotency-Keyon POST or PATCH.
Support
Every response carries an x-request-id header. Include it in any support enquiry and we find the call instantly.