Reference · § API
Registora API
A read-only JSON API to pull your subprocessor list, upstream provider changes, and workspace audit log into your own systems.
https://registora.com/api/v1● Growth plan and above§ I
Authentication
Every request needs a Bearer API key in the Authorization header. Create one in your dashboard under Settings → API keys. Keys are shown once at creation and stored hashed - they cannot be retrieved later, only regenerated.
curl https://registora.com/api/v1/subprocessors \
-H "Authorization: Bearer rg_live_xxxxxxxxxxxxxxxx"All traffic must use HTTPS. Plain HTTP is rejected.
§ II
Base URL
Every endpoint below is relative to the base URL. All responses are JSON (Content-Type: application/json) and wrap their results in adata array alongside a pagination object.
https://registora.com/api/v1§ III
Endpoints
/api/v1/subprocessorsYour workspace's current disclosed subprocessor list - the same data shown on your public register. Library entries carry a providerSlug; custom entries have source: custom.
Query parameters
limitRecords to return. Default 50, max 100.offsetRecords to skip for pagination. Default 0.Example response
{
"data": [
{
"name": "Amazon Web Services",
"purpose": "Cloud infrastructure and hosting",
"location": "United States",
"source": "library",
"providerSlug": "aws"
},
{
"name": "Acme Internal Tooling",
"purpose": "QA + analytics",
"location": "US / California",
"source": "custom",
"providerSlug": null
}
],
"pagination": { "total": 14, "limit": 50, "offset": 0 }
}/api/v1/changesUpstream changes to the providers you disclose - additions, removals, and modifications detected by daily monitoring. Newest first.
Query parameters
limitRecords to return. Default 50, max 100.offsetRecords to skip for pagination. Default 0.Example response
{
"data": [
{
"provider": { "slug": "stripe", "name": "Stripe" },
"changeType": "added",
"subprocessorName": "Lithic, Inc.",
"detail": null,
"detectedAt": "2026-05-18T09:14:22Z"
},
{
"provider": { "slug": "vercel", "name": "Vercel" },
"changeType": "removed",
"subprocessorName": "PlanetScale",
"detail": null,
"detectedAt": "2026-05-12T06:03:11Z"
}
],
"pagination": { "total": 38, "limit": 50, "offset": 0 }
}/api/v1/audit-logYour workspace's audit log - every mutating action, timestamped and structured. Mirrors the dashboard CSV export.
Query parameters
daysDays of history to include. Default 90, max 365.limitRecords to return. Default 50, max 100.offsetRecords to skip for pagination. Default 0.Example response
{
"data": [
{
"action": "subprocessor.add.library",
"payload": { "providerSlug": "stripe" },
"createdAt": "2026-05-20T14:07:55Z"
},
{
"action": "workspace.rename",
"payload": { "newName": "Acme Corp" },
"createdAt": "2026-05-19T10:33:01Z"
}
],
"pagination": { "total": 120, "limit": 50, "offset": 0 }
}§ IV
Pagination
List endpoints accept limit (default 50, max 100) andoffset. Every response carries a pagination object; you have more records when offset + limit < total.
"pagination": {
"total": 120, // total records matching the query
"limit": 50, // page size in effect
"offset": 0 // current offset
}§ V
Rate limits
Each key is limited to 120 requests per minute. Over the limit, the API returns 429 with a Retry-After: 60 header.
HTTP/1.1 429 Too Many Requests
Retry-After: 60
Content-Type: application/json
{ "error": { "code": "rate_limited", "message": "Too many requests. Limit is 120 per minute." } }§ VI
Errors
Errors return a consistent envelope with a machine-readable code and a human-readable message.
unauthorizedMissing, malformed, invalid, or revoked API key.forbiddenYour plan does not include API access (Growth or above).bad_requestA query parameter is missing or out of range.rate_limitedRate limit exceeded. See the Retry-After header.server_errorAn unexpected server error occurred.{ "error": { "code": "unauthorized", "message": "Invalid or revoked API key." } }Get a key
API access is included on the Growth and DORA plans. Open your dashboard, go to Settings → API keys, and create a key. It is shown once.
Open the dashboard →