ALOT Documentation

REST API

The ALOT API is a versioned REST API hosted at https://api.yourdomain.com/v1. All responses follow a consistent envelope format.

Base URL

https://api.yourdomain.com/v1

Response format

{
  "data": { ... },       // Payload
  "message": "...",      // Optional success message
  "timestamp": "2026-05-25T12:00:00.000Z"
}

Errors return:

{
  "statusCode": 400,
  "message": "Validation failed",
  "errors": ["email must be an email"],
  "timestamp": "...",
  "path": "/v1/auth/login"
}

Pagination

List endpoints accept ?page=1&limit=20 and return:

{
  "data": {
    "items": [...],
    "total": 142,
    "page": 1,
    "limit": 20
  }
}

Endpoints overview

Auth

Method  Path            Description
POST    /auth/register  Register user + create org
POST    /auth/login     Login, returns access + refresh tokens
POST    /auth/refresh   Refresh access token
POST    /auth/logout    Invalidate refresh token
GET     /auth/me        Get current user + org

Assessments

Method  Path                              Description
GET     /assessments                      List assessments (paginated)
POST    /assessments                      Create assessment
GET     /assessments/:id                  Get assessment with stages
PATCH   /assessments/:id                  Update assessment
DELETE  /assessments/:id                  Delete assessment
POST    /assessments/:id/publish          Publish assessment
POST    /assessments/:id/archive          Archive assessment
POST    /assessments/:id/duplicate        Clone assessment + stages
GET     /assessments/:id/stages           List stages
POST    /assessments/:id/stages           Add stage
PATCH   /assessments/:id/stages/:stageId  Update stage
DELETE  /assessments/:id/stages/:stageId  Delete stage
POST    /assessments/:id/reorder-stages   Reorder stages
POST    /assessments/generate-questions   AI question generation (PRO)

Candidates

Method  Path                              Description
GET     /candidates                       List all candidate sessions
GET     /candidates/:id                   Get candidate session
POST    /candidates/:assessmentId/invite  Invite candidate by email

Billing

Method  Path                       Description
GET     /billing/subscription      Get current org subscription
POST    /billing/checkout          Create Paystack checkout session
POST    /billing/verify            Verify Paystack transaction by reference
POST    /billing/cancel            Cancel subscription
GET     /billing/manage            Get Paystack management URL
POST    /billing/webhook/paystack  Paystack webhook receiver (public)

API Keys (PRO)

Method  Path           Description
GET     /api-keys      List API keys (prefix only)
POST    /api-keys      Create API key (full key shown once)
DELETE  /api-keys/:id  Revoke API key

Webhooks (PRO)

Method  Path                  Description
GET     /webhooks             List webhooks
POST    /webhooks             Create webhook
DELETE  /webhooks/:id         Delete webhook
PATCH   /webhooks/:id/toggle  Enable/disable webhook

Analytics

Method  Path                        Description
GET     /analytics/dashboard        Dashboard stats
GET     /analytics/assessments/:id  Per-assessment analytics

Public (API Key auth)

Method  Path                                Description
GET     /public/assessments                 List published assessments
GET     /public/assessments/:id             Get assessment
GET     /public/assessments/:id/candidates  List candidates for assessment
GET     /public/candidates                  List candidate sessions
GET     /public/candidates/:id              Get candidate session
GET     /public/results/:token              Get results by result token

Rate limiting

The API enforces three tiers of rate limits:

  • 10 requests per 1 second (burst)
  • 50 requests per 10 seconds
  • 200 requests per 60 seconds

Exceeding limits returns HTTP 429 Too Many Requests.
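
A client-side limiter that stays under all three tiers at once, as an added example (not ALOT's own code). It assumes the limits are sliding windows, which this page does not specify; a client that respects sliding windows also stays within fixed windows of the same length. TieredLimiter and simulate are hypothetical names.

```python
import time
from collections import deque

# Tiers from the "Rate limiting" section: (max requests, window in seconds).
TIERS = ((10, 1.0), (50, 10.0), (200, 60.0))


class TieredLimiter:
    """Client-side sliding-window limiter that honours every tier at once."""

    def __init__(self, tiers=TIERS, clock=time.monotonic):
        self.tiers = tiers
        self.clock = clock
        self.sent = deque()  # send timestamps, oldest first
        self.horizon = max(window for _, window in tiers)

    def delay(self):
        """Seconds to wait before the next request fits in all windows."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.horizon:
            self.sent.popleft()  # older than the longest window
        wait = 0.0
        for limit, window in self.tiers:
            if len(self.sent) >= limit:
                # The limit-th most recent request must leave this window first.
                blocker = self.sent[-limit]
                wait = max(wait, blocker + window - now)
        return max(wait, 0.0)

    def record(self):
        """Call right after a request is actually sent."""
        self.sent.append(self.clock())


def simulate(n_requests):
    """Send n_requests as fast as allowed on a virtual clock; return send times."""
    t = [0.0]  # constructed virtual clock, so the demo runs without sleeping
    limiter = TieredLimiter(clock=lambda: t[0])
    times = []
    for _ in range(n_requests):
        t[0] += limiter.delay()
        limiter.record()
        times.append(t[0])
    return times
```

In a real client, sleep for delay() seconds before each call and record() after sending. A 429 can still arrive if other clients share the same limit, so treat it as a signal to back off rather than retry immediately.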
