API reference

REST over HTTPS. JSON request and response. Bearer-token auth. All endpoints rooted at https://api.toutmark.com/v1.

Authentication

Generate an API key at /app/settings#api-keys. Send it as a Bearer token:

curl https://api.toutmark.com/v1/queue \
  -H "Authorization: Bearer tm_live_..."

Keys are scoped to a single customer account. Rotate from the same settings page; old keys are revoked immediately.

Queue

GET/v1/queue

List all pending approval items.

Param	Type	Description
`feature`	string	Filter by feature: `paragraph_rewrite`, `schema`, `llms_txt`, `faq`, `blog_post`, `review_response`, `haro_pitch`, `press_release`
`status`	string	Default `pending`. Also `approved`, `rejected`
`limit`	int	Default 50, max 200

POST/v1/queue/:id/approve

Approve a single item. Triggers ship-to-site immediately.

POST/v1/queue/approve-all

Approve all pending items in one call. Optional feature filter.

POST/v1/queue/:id/reject

Discard a draft. Body: { "reason": "tone off" } (optional).

Changes

GET/v1/changes

List changes that have shipped. Paginated.

POST/v1/changes/:id/revert

Revert a single change. Roll-forward / roll-back is logged on the change.

POST/v1/changes/revert-all

Revert every change. Requires X-Toutmark-Confirm: revert-all header.

Billing

GET/v1/billing

Current plan, founder-pricing-locked rate, next invoice date, payment method last4.

POST/v1/billing/portal-session

Returns a one-time URL to the Stripe customer portal for this account.

Webhooks

Subscribe at /app/settings#webhooks. Payloads are signed with HMAC-SHA256 in the X-Toutmark-Signature header.

{
  "event": "draft.created",
  "data": {
    "id": "drft_01H8...",
    "feature": "paragraph_rewrite",
    "url": "https://yourcompany.com/services/x",
    "preview_url": "https://app.toutmark.com/preview/drft_01H8..."
  },
  "timestamp": "2026-05-07T12:34:56Z"
}

Events: draft.created, draft.approved, draft.rejected, change.shipped, change.reverted, citation.detected, billing.invoice_paid, billing.invoice_failed.

CLI (preview)

# Install
npm install -g @toutmark/cli

# Authenticate
toutmark login

# List queue
toutmark queue list

# Approve a single item
toutmark queue approve drft_01H8...

# Approve all
toutmark queue approve-all --feature paragraph_rewrite

# Run audit on a URL
toutmark audit https://example.com

SDKs

// TypeScript
import { Toutmark } from "@toutmark/sdk";
const tm = new Toutmark({ apiKey: process.env.TM_KEY });
const queue = await tm.queue.list({ feature: "paragraph_rewrite" });
await tm.queue.approve(queue[0].id);

Error codes

Code	Meaning
`401`	Missing or invalid API key
`402`	Subscription past due
`403`	Action requires regulated-mode CCO approval
`404`	Resource not found (or not in your account)
`409`	Item already approved / rejected / shipped
`422`	Validation error — see `error.fields`
`429`	Rate-limited

Rate limits

120 requests / minute per API key. Bulk operations like approve-all count as one. Limit headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.