Home
Bondi
BONDI · DATA API REFERENCE v2026.04.27 · STABLE

§ 00  -  INTRO

the data API

Every Bondi workspace exposes its tables as a typed CRUD API. Two equivalent surfaces - REST for traditional integrations, GraphQL for typed end-to-end frontends. Pick whichever fits your stack.

open the rest reference open studio
A REST /rest/{ws}/{env}

Generic endpoints, identical for every workspace. Best for traditional integrations and SDK generation.

  • 13 endpoints, schema-agnostic URLs
  • Column serials live in the request body
  • OpenAPI 3.1 spec ships with the service
B GraphQL /graphql/{ws}/{env}

Schema generated from your tables. Typed end-to-end. Best for power users and rich frontend apps.

  • Per-workspace schema, derived from your tables
  • FK relations resolve to nested objects
  • Playground lives inside Studio (auth-gated)
§ 01

Authentication

All requests require an API key in the Authorization header.

request header 
Authorization: Bearer bondi_pk_…

Create a key in Studio → Integrations → API Keys → Create. The full token is shown once on creation - copy it then. Lost keys cannot be recovered, but you can rotate or revoke and issue a new one.

§ 02

Finding your IDs

Both surfaces are scoped by workspaceId and environmentId, which appear in your endpoint URLs. Find them in Studio → Settings → Workspace.

workspaceId UUID - your workspace
environmentId UUID - env within workspace
tableSerial UUID - stable across environments
§ 03

Endpoints

A. REST

GET /rest/{ws}/{env}/schemas list schemas
GET /rest/{ws}/{env}/tables list tables
GET /rest/{ws}/{env}/tables/{serial}/columns table columns
GET /rest/{ws}/{env}/tables/{serial}/relations FK relations
GET /rest/{ws}/{env}/tables/{serial}/records list records
POST /rest/{ws}/{env}/tables/{serial}/records create record
PATCH /rest/{ws}/{env}/tables/{serial}/records/{id} update record
DELETE /rest/{ws}/{env}/tables/{serial}/records/{id} delete record
POST /rest/{ws}/{env}/files/upload-url presigned upload

The endpoint URLs are the same for every workspace - only the request body's data map differs (its keys are your column serials). Full reference with try-it-out: /docs/api/rest-api.

B. GraphQL

POST /graphql/{ws}/{env} single endpoint

The schema is generated from your tables. Naming pattern:

  • <schema><Table>() - list query (filters, pagination, ordering)
  • <table>ById() - fetch by primary key
  • create<Table>, update<Table>, updateMany<Table>, delete<Table> - mutations
  • Foreign-key relations resolve to nested objects.

The schema is private to your workspace, so the GraphQL playground lives inside Studio, behind your login - open it from Integrations → API Playground → GraphQL.

§ 04

Schema discovery

Use the metadata endpoints to enumerate your tables and columns. Useful for code generation or admin tools that adapt to schema changes.

~/$ curl 
curl https://data-api.heybondi.com/rest/$WS/$ENV/schemas \
  -H "Authorization: Bearer $BONDI_PK"

curl https://data-api.heybondi.com/rest/$WS/$ENV/tables/$TABLE_SERIAL/columns \
  -H "Authorization: Bearer $BONDI_PK"
§ 05

Worked example

List the first three rows of a table - same intent, two surfaces.

A. REST

~/$ curl 
curl "https://data-api.heybondi.com/rest/$WS/$ENV/tables/$TABLE_SERIAL/records?limit=3" \
  -H "Authorization: Bearer $BONDI_PK"

B. GraphQL

~/$ curl 
curl https://data-api.heybondi.com/graphql/$WS/$ENV \
  -H "Authorization: Bearer $BONDI_PK" \
  -H "Content-Type: application/json" \
  -d '{"query":"{ publicCustomers(limit: 3) { id _display } }"}'
§ 06

Versioning & deprecation

The API is date-versioned (current: 2026-04-27). Breaking changes are announced at least 90 days in advance, and the previous version continues to serve traffic during the migration window. You don't need to pin a version header today - the active version is published in the OpenAPI spec at /docs/api/rest-api.

notice

Field deprecations are surfaced in the OpenAPI spec and on GraphQL field metadata before they're removed.

§ 07

Limits

  • Rate limit - per-tenant, enforced at dispatch. Headers X-RateLimit-Limit / -Remaining / -Reset on every response.
  • Pagination - pass limit and offset, or use cursor pagination via first + after.
  • File uploads - size enforced per file-type category server-side. Returns 422 if exceeded.
§ 08

Errors

All errors share one envelope:

application/json 
{
  "error": "Validation Error",
  "message": "Request body must include 'data' field",
  "fieldErrors": [...]
}

· Status codes

200 OK
201 Created
400 Validation
401 Unauthenticated
403 Forbidden
404 Not Found
409 Conflict
422 Unprocessable
429 Rate Limited
500 Server Error

§ FIN

ready to ship?

Open the interactive REST reference, or jump straight into the GraphQL playground inside Studio.

open rest reference launch studio