Authentication

Authentication
Scopes
Rate limits
OAuth2 (coming)
Read next

The Sigilix API is in private beta. This page documents the authentication model; endpoints will land in subsequent releases.

All API requests use a personal access token (PAT) in the Authorization header:

curl https://api.sigilix.ai/v1/reviews \
  -H "Authorization: Bearer sgx_pat_xxxxxxxxxxxx"

PATs are minted on the Sigilix dashboard (coming soon). They’re scoped to a single Sigilix installation — one PAT per GitHub org.

Scopes

PATs have four scopes:

Scope	Endpoints
`reviews:read`	List and fetch past reviews
`findings:read`	Fetch individual findings + suggested patches
`webhooks:write`	Configure outbound webhooks for `review.completed` events
`config:write`	Modify `sigilix.yaml` programmatically (CI integration)

Choose the minimum scopes you need. The dashboard shows which endpoints each scope unlocks.

Rate limits

API requests are rate-limited separately from review limits:

Tier	API requests / hour
Free	100
Pro	1,000
Max	10,000

Headers on every response:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 982
X-RateLimit-Reset: 2026-05-05T04:00:00Z

When you hit the limit, the API returns 429 with a Retry-After header.

OAuth2 (coming)

For server-to-server integrations (e.g., a third-party platform integrating with Sigilix on behalf of customer orgs), an OAuth2 flow is on the roadmap. Estimated: Q2 2026.

Endpoints

The reviews and findings endpoints (private beta).

Webhooks

Outbound webhook events Sigilix can fire on your endpoints.

Endpoints

⌘I

API

Documentation Index

​Authentication

​Scopes

​Rate limits

​OAuth2 (coming)

​Read next

Endpoints

Webhooks

Authentication

Scopes

Rate limits

OAuth2 (coming)

Read next