Overview
The DemandFlow REST API lets you read and write data in your DemandFlow tenant from scripts, integrations, LLM tools, or any HTTP client. All endpoints are under a single base URL, authenticate with a bearer token, and return JSON (or newline-delimited JSON for streaming responses).
Base URL
https://rest.demandflow.com
Authentication
Every request must include a Personal Access Token (PAT) in the Authorization header:
Authorization: Bearer <your-pat>See Getting an API Token for how to create and manage tokens.
Endpoints at a glance
| Method | Path | Purpose |
|---|---|---|
| GET | /v1/objects/{id} | Read one object by id |
| POST | /v1/objects | Create an object |
| PATCH | /v1/objects/{id} | Update selected fields on an object |
| DELETE | /v1/objects/{id} | Delete an object |
| GET | /v1/entities/{entity}/{comboKey} | Stream a list of objects matching an entity + comboKey prefix |
| POST | /v1/query | Run multiple list queries in parallel and stream the combined results |
Response formats
- Single-object endpoints (GET/POST/PATCH/DELETE
/v1/objects) return a single JSON object. - List endpoints (
/v1/entities/...and/v1/query) return NDJSON, one JSON object per line, sent as soon as each row is available. This lets you process results while the server is still working instead of waiting for the full response.
First request
Replace <your-pat> with a token from your user profile, then try:
curl -H "Authorization: Bearer <your-pat>" \\
"https://rest.demandflow.com/v1/entities/PPL/SUB"You should get back a stream of NDJSON lines, one per person in your tenant.
Errors
Errors return a JSON body with error and message fields and a standard HTTP status:
400, malformed request (bad JSON body, missing id in path, etc.)401, noAuthorizationheader403, invalid or expired token, or trying to touch another tenant's data404, object not found405, method not allowed on this path5xx, something broke on our side
On streaming endpoints errors can arrive mid-stream as a line with _type: "error".