Appstrate
[Developer Platform]

An API that treats you like Stripe treats Stripe.

Date-versioned, idempotency-safe, RFC 9457 errors, IETF rate-limit headers. Every detail.

Read the docsTry Cloud
[01 · Why it matters]

The way a real platform API should behave.

Most AI APIs feel like prototypes. Breaking changes without notice, flat error strings, no idempotency, no retries.

Appstrate follows the conventions Stripe, GitHub, and the IETF have been refining for a decade. Boring, predictable, forward-compatible.

[02 · How it works]

Date versioning. Idempotency. Structured errors. Rate limit headers.

Every request has a version, an idempotency key, a Request-Id. Every response has proper headers and typed bodies.

  • ✓ Date-based API versioning via Appstrate-Version header
  • ✓ Idempotency keys on all POST routes, 24h replay window
  • ✓ RFC 9457 application/problem+json error bodies
  • ✓ IETF RateLimit headers + Retry-After
  • ✓ Request-Id on every response
RequestHTTP
POST /api/agents/@acme/refund-triage/run HTTP/1.1
Host: app.appstrate.com
Authorization: Bearer ask_...
Appstrate-Version: 2026-03-21
Idempotency-Key: 01HX6RTQMXR3H7QKWSJF2E8VCG
Content-Type: application/json

{
  "input": { "email_id": "msg_9qp3k8zp" }
}
Response200 OK
HTTP/1.1 200 OK
Request-Id: req_abc123
Appstrate-Version: 2026-03-21
Idempotent-Replayed: false
RateLimit-Policy: "run";q=20;w=60
RateLimit: "run";r=19;t=58

{
  "runId": "run_cm1abc123def456"
}
See the full API reference →
[03 · Deep dive]

What makes it work.

📅

Date versioning

Appstrate-Version header. Pin per request or per org.

🔁

Idempotency

24h replay window. Body hash conflict detection.

⚠️

RFC 9457 errors

application/problem+json. Typed, stable, actionable.

🚦

Rate limit headers

IETF RateLimit + Retry-After. Know before you get 429.

[04 · Conventions, in detail]

Boring. Predictable. Forward-compatible.

The conventions Stripe, GitHub, and the IETF have refined over a decade. Nothing invented here. Everything documented.

Date versioning

Each API version is a calendar date (e.g. 2026-03-21). Pin per request via the Appstrate-Version header, or at the org level via settings. Deprecated versions return a Sunset header 6 months before removal.

Idempotency keys

POST requests accept an Idempotency-Key header (24h replay window). Body hash conflict detection catches mismatches. Returns 409 on concurrent replay, 422 on body mismatch, Idempotent-Replayed: true on cached replay.

RFC 9457 errors

Every error response is application/problem+json. Typed type URI, machine-readable code, human-readable title, actionable detail. Stable across versions.

Rate limiting

IETF RateLimit structured header (limit=N, remaining=M, reset=S) plus RateLimit-Policy and Retry-After. Per-user for sessions, per-API-key for keyed access, per-IP for public routes.

[05 · Related]

Works great with

Applications
Multi-tenant primitives.
Webhooks
Outbound events.
Observability
Trace every run.

An API you'll enjoy integrating.

Full OpenAPI 3.1 at /docs/api-reference. 191 endpoints, all validated.

Read the API referenceTry Cloud