API Families
Plato has two customer-facing API styles.Base URLs
Choose the correct API host for production, Console setup, private environments, and local development.
Authentication
Send Plato API keys safely with headers and keep keys out of public code.
Permissions
Map API keys to roles so each integration can only access what it needs.
Errors And Limits
Handle common errors, pagination limits, rate limits, and safe retries.
Data And Workflow APIs
CMS API
Read and write structured CMS entries from websites, apps, and trusted backends.
Connect360 API
Build website chat, conversation, attachment, and AI-assisted messaging flows.
Restaurant APIs
Read menu products, categories, and recent order feed data.
Forms API
Fetch public form schemas and submit trusted form responses.
Typed Backend API
Typed backend calls are used for selected server-side integrations. Use it for:- Connect360 conversations, messages, attachments, and AI replies.
- Restaurant order feed access.
- Typed request and response shapes generated from Plato.
REST Public APIs
REST public APIs are better when a website, no-code tool, or non-TypeScript backend needs plain HTTP endpoints. Use them for:- CMS entries.
- Menu products and categories.
- Public forms.
- Legacy dynamic models.
What Is Not A Public API
Some routes exist so Plato can run the Console, process webhooks, render PDFs, or authenticate users. Those routes are not stable public integration contracts. Do not build external integrations against routes such as auth callbacks, Stripe or provider webhooks, cron jobs, Open Graph images, or internal Console browser requests. See Internal Routes for the short list of routes to avoid.Before You Build
- Create a dedicated role for the integration.
- Give that role only the permissions it needs.
- Create an API key in Console.
- Store the key in a server-side secret store.
- Test with a small request before sending production traffic.