Postman collection
Download the collection: constellation-os.postman_collection.json
The collection covers the full API surface with one folder per endpoint family: Health (all four probes), Topology, Telemetry (a POST with a sample record array), and Predictions (cached and live). Request descriptions carry the real limits and error codes, so the collection doubles as inline reference while you explore.
Import
- In Postman: File, then Import, then drop in
constellation-os.postman_collection.json(or paste the URL above if your docs site is reachable from Postman). - Open the collection's Variables tab and set
apiKeyto your tenant API key. - Send
GET /healthfirst; it needs no key and confirms connectivity. Then sendGET /topologyto confirm your key works.
Auth
Collection-level auth sends x-api-key: {{apiKey}} on every request. The Health folder overrides this with No Auth because /health* endpoints are open; everything else inherits the collection auth.
Treat the key like a credential: set it as a secret type variable, or better, keep it in a Postman environment or vault rather than in the shared collection, so exporting or sharing the collection never leaks it.
Environments
baseUrl defaults to production. The collection embeds all three base URLs as documented variables:
| Variable | Value |
|---|---|
prodBaseUrl | https://api.constellation.space |
devBaseUrl | https://dev.api.constellation.space |
sandboxBaseUrl | https://sandbox.api.constellation.space |
Two ways to switch:
- Quick: edit the
baseUrlcollection variable to one of the values above. - Clean: create three Postman environments (prod, dev, sandbox), each defining
baseUrlandapiKey. Environment variables shadow collection variables, so the environment picker becomes your environment switch, and each environment can hold its own key. Keys are environment-specific; a prod key does not work against sandbox.
What to expect while exploring
POST /telemetryreturns 202 withwrite_id,accepted_count,rejected_count, andrejected_indices. Send more than 1000 records to see the 413batch_too_largeenvelope.GET /predictionswithlive=truereturns the provenance-carryingInferencePayload; without it you get the cachedPredictionSet.- Hammering Send trips the real rate limits (per-IP 30/min, per-tenant 60/min): a 429
rate_limitedresponse withretry_after_secondsand aRetry-Afterheader. - Repeated requests with a wrong key trigger the auth lockout: 5 failures within 300 seconds lock your IP for 900 seconds (429
auth_lockout). Double-check the key before retrying in a loop.