ChangelogBook a demoSign up

API overview

Overview

Hightouch exposes a REST API that lets users interact with resources like syncs, models, sources, and destinations. Though the REST API is open to all Hightouch users, we aim to build features so you don't need to rely on it directly. For example, Git Sync lets you manage workspace resources programmatically.

If you're looking to create a custom destination, it's best to use the HTTP Request destination as your base. If you find you still need to use the REST API directly, about your use case.

To start using the API, you must first create and retrieve an API key from your workspace.

Required permissions

To use Hightouch programmatically through the API, you must use an API key created by an Admin user of your Hightouch workspace. See Roles for more information.

Create an API key

Log in to Hightouch as an Admin user of your Hightouch workspace, then follow these steps:

  1. From the API keys tab on the Settings page, select Add API key.
  2. Enter a descriptive Name for your key.
  3. Copy your API key and store it in a safe location. The key will only be displayed once.
  4. Click Create API key.

Once you have an API key, you can follow the API Reference documentation to start using the API.

Revoke an API key

Your API key provides read/write access to sensitive Hightouch resources and should be kept secure. If you believe your API key may have been compromised, revoke it immediately.

Log in to Hightouch as an Admin user of your Hightouch workspace, then follow these steps:

  1. From the API keys tab on the Settings page, select the API key or keys you want to revoke.
  2. Select Delete selected.
  3. In the modal that appears, select Delete.

Hightouch API Rate Limits

The Hightouch API rate limit is 200 requests per 10 seconds per workspace.

TLS requirements

The Hightouch REST API requires TLS 1.2 or later. The API rejects requests that use an older protocol version.

The API supports the following cipher suites:

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384

On July 10, 2026, Hightouch removes support for several weaker cipher suites. After that date, the API rejects requests that negotiate any of the following:

ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384

If your API client only supports the deprecated cipher suites, update it before July 10, 2026 to avoid failed requests. Most modern HTTP libraries and TLS stacks already negotiate one of the supported suites.

Tips and troubleshooting

If you encounter issues using the Hightouch API, check our status page or for assistance.

Common Errors

The following error indicates an issue with your API key. Check that the creator of the API key is an Admin user of your Hightouch workspace.

{
  "message": "Authentication error",
  "details": "No user found"
}

Ready to get started?

Jump right in or a book a demo. Your first destination is always free.

Book a demoSign upBook a demo

Need help?

Our team is relentlessly focused on your success. Don't hesitate to reach out!

Feature requests?

We'd love to hear your suggestions for integrations and other features.

Privacy PolicyTerms of Service

Last updated: Jun 25, 2026

On this page
  • Overview
  • Required permissions
  • Create an API key
  • Revoke an API key
  • Hightouch API Rate Limits
  • TLS requirements
  • Tips and troubleshooting
  • Common Errors

Was this page helpful?